From 6193a40180741a66c4dd40b99980be715088ebf9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 19 Jun 2020 20:01:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/9xxx/CVE-2015-9548.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11062.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11063.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11064.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11065.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11066.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11067.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11068.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11069.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11070.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11071.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11072.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11073.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11074.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11075.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11076.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11077.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11078.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11079.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11080.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11081.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11082.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11083.json | 56 ++++++++++++++++++++++++++++++---- 2016/11xxx/CVE-2016-11084.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18905.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18906.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18907.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18908.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18913.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18914.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18915.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18916.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18917.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18918.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18919.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18920.json | 56 ++++++++++++++++++++++++++++++---- 2017/18xxx/CVE-2017-18921.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10750.json | 5 +-- 2020/14xxx/CVE-2020-14159.json | 2 +- 2020/9xxx/CVE-2020-9495.json | 15 +++++++++ 40 files changed, 1869 insertions(+), 225 deletions(-) diff --git a/2015/9xxx/CVE-2015-9548.json b/2015/9xxx/CVE-2015-9548.json index 2e040dada13..552b97614e3 100644 --- a/2015/9xxx/CVE-2015-9548.json +++ b/2015/9xxx/CVE-2015-9548.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2015-9548", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2015-9548", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11062.json b/2016/11xxx/CVE-2016-11062.json index 722d169bea4..b3241e742c0 100644 --- a/2016/11xxx/CVE-2016-11062.json +++ b/2016/11xxx/CVE-2016-11062.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11062", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11062", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11063.json b/2016/11xxx/CVE-2016-11063.json index 42a55a093bd..96fe4cce64f 100644 --- a/2016/11xxx/CVE-2016-11063.json +++ b/2016/11xxx/CVE-2016-11063.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11063", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11063", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11064.json b/2016/11xxx/CVE-2016-11064.json index d52973a71aa..c227a55cf7a 100644 --- a/2016/11xxx/CVE-2016-11064.json +++ b/2016/11xxx/CVE-2016-11064.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11064", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11064", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11065.json b/2016/11xxx/CVE-2016-11065.json index f3c938f37f4..9bfbac412b0 100644 --- a/2016/11xxx/CVE-2016-11065.json +++ b/2016/11xxx/CVE-2016-11065.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11065", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11065", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11066.json b/2016/11xxx/CVE-2016-11066.json index a2b5b604f50..0c041411526 100644 --- a/2016/11xxx/CVE-2016-11066.json +++ b/2016/11xxx/CVE-2016-11066.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11066", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11066", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11067.json b/2016/11xxx/CVE-2016-11067.json index 0e20d3215de..5e620a2c3fb 100644 --- a/2016/11xxx/CVE-2016-11067.json +++ b/2016/11xxx/CVE-2016-11067.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11067", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11068.json b/2016/11xxx/CVE-2016-11068.json index dc1dde3cff1..6e6f5f7fb32 100644 --- a/2016/11xxx/CVE-2016-11068.json +++ b/2016/11xxx/CVE-2016-11068.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11068", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11069.json b/2016/11xxx/CVE-2016-11069.json index e91a179aecf..08739bc0e34 100644 --- a/2016/11xxx/CVE-2016-11069.json +++ b/2016/11xxx/CVE-2016-11069.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11069", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11070.json b/2016/11xxx/CVE-2016-11070.json index 34b42af85d8..fd1918e7ea6 100644 --- a/2016/11xxx/CVE-2016-11070.json +++ b/2016/11xxx/CVE-2016-11070.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11070", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11071.json b/2016/11xxx/CVE-2016-11071.json index fc150dbda87..da687da7033 100644 --- a/2016/11xxx/CVE-2016-11071.json +++ b/2016/11xxx/CVE-2016-11071.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11071", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11071", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11072.json b/2016/11xxx/CVE-2016-11072.json index aae1fd44d15..13474680ba5 100644 --- a/2016/11xxx/CVE-2016-11072.json +++ b/2016/11xxx/CVE-2016-11072.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11072", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11072", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11073.json b/2016/11xxx/CVE-2016-11073.json index a51e9acbac9..04d74462595 100644 --- a/2016/11xxx/CVE-2016-11073.json +++ b/2016/11xxx/CVE-2016-11073.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11073", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11074.json b/2016/11xxx/CVE-2016-11074.json index fd49c4bafb8..c64dfb3b66f 100644 --- a/2016/11xxx/CVE-2016-11074.json +++ b/2016/11xxx/CVE-2016-11074.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11074", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11074", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11075.json b/2016/11xxx/CVE-2016-11075.json index c46ff84bfcd..7ae6f71e801 100644 --- a/2016/11xxx/CVE-2016-11075.json +++ b/2016/11xxx/CVE-2016-11075.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11075", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11075", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11076.json b/2016/11xxx/CVE-2016-11076.json index 06f8166e664..222c90aa0fb 100644 --- a/2016/11xxx/CVE-2016-11076.json +++ b/2016/11xxx/CVE-2016-11076.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11076", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11076", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11077.json b/2016/11xxx/CVE-2016-11077.json index 5548fd38808..5448420d85b 100644 --- a/2016/11xxx/CVE-2016-11077.json +++ b/2016/11xxx/CVE-2016-11077.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11077", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11077", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11078.json b/2016/11xxx/CVE-2016-11078.json index 134997de342..2cbfe2018f5 100644 --- a/2016/11xxx/CVE-2016-11078.json +++ b/2016/11xxx/CVE-2016-11078.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11078", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11078", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11079.json b/2016/11xxx/CVE-2016-11079.json index 6705826c41f..8f994ea586f 100644 --- a/2016/11xxx/CVE-2016-11079.json +++ b/2016/11xxx/CVE-2016-11079.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11079", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11079", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11080.json b/2016/11xxx/CVE-2016-11080.json index 8e5872e4f7b..9194064de3e 100644 --- a/2016/11xxx/CVE-2016-11080.json +++ b/2016/11xxx/CVE-2016-11080.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11080", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11080", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11081.json b/2016/11xxx/CVE-2016-11081.json index cedaaa69c1f..94af988cb13 100644 --- a/2016/11xxx/CVE-2016-11081.json +++ b/2016/11xxx/CVE-2016-11081.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11081", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11081", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11082.json b/2016/11xxx/CVE-2016-11082.json index 4492bb91d6f..e23738f5cb4 100644 --- a/2016/11xxx/CVE-2016-11082.json +++ b/2016/11xxx/CVE-2016-11082.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11082", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11082", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11083.json b/2016/11xxx/CVE-2016-11083.json index 3d6bfcb1e77..c2d4c6a16dd 100644 --- a/2016/11xxx/CVE-2016-11083.json +++ b/2016/11xxx/CVE-2016-11083.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11083", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11083", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2016/11xxx/CVE-2016-11084.json b/2016/11xxx/CVE-2016-11084.json index 19a9c320041..04a0124b7c2 100644 --- a/2016/11xxx/CVE-2016-11084.json +++ b/2016/11xxx/CVE-2016-11084.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2016-11084", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2016-11084", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18905.json b/2017/18xxx/CVE-2017-18905.json index 398b890802d..faec40a6a36 100644 --- a/2017/18xxx/CVE-2017-18905.json +++ b/2017/18xxx/CVE-2017-18905.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18905", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18905", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18906.json b/2017/18xxx/CVE-2017-18906.json index e0d4aceca6d..6799ade535d 100644 --- a/2017/18xxx/CVE-2017-18906.json +++ b/2017/18xxx/CVE-2017-18906.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18906", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18906", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18907.json b/2017/18xxx/CVE-2017-18907.json index 809ae382b55..844213407f5 100644 --- a/2017/18xxx/CVE-2017-18907.json +++ b/2017/18xxx/CVE-2017-18907.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18907", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18907", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18908.json b/2017/18xxx/CVE-2017-18908.json index 3b2669ddf7c..ef39975693c 100644 --- a/2017/18xxx/CVE-2017-18908.json +++ b/2017/18xxx/CVE-2017-18908.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18908", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18908", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18913.json b/2017/18xxx/CVE-2017-18913.json index 03bf623e053..c71f5abd74f 100644 --- a/2017/18xxx/CVE-2017-18913.json +++ b/2017/18xxx/CVE-2017-18913.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18913", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18913", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18914.json b/2017/18xxx/CVE-2017-18914.json index bd4130dbc38..d2a5b157320 100644 --- a/2017/18xxx/CVE-2017-18914.json +++ b/2017/18xxx/CVE-2017-18914.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18914", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18914", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18915.json b/2017/18xxx/CVE-2017-18915.json index 14202f2b3cd..9b6683ea3c0 100644 --- a/2017/18xxx/CVE-2017-18915.json +++ b/2017/18xxx/CVE-2017-18915.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18915", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18915", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18916.json b/2017/18xxx/CVE-2017-18916.json index 2b9f8d5043b..830bd530056 100644 --- a/2017/18xxx/CVE-2017-18916.json +++ b/2017/18xxx/CVE-2017-18916.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18916", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18916", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18917.json b/2017/18xxx/CVE-2017-18917.json index 3fcd0fb3b22..2a7ee821f69 100644 --- a/2017/18xxx/CVE-2017-18917.json +++ b/2017/18xxx/CVE-2017-18917.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18917", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18917", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18918.json b/2017/18xxx/CVE-2017-18918.json index 47111a379e8..3ca04336eaf 100644 --- a/2017/18xxx/CVE-2017-18918.json +++ b/2017/18xxx/CVE-2017-18918.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18918", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18918", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18919.json b/2017/18xxx/CVE-2017-18919.json index 768e45b47a5..b5fb8c4d24e 100644 --- a/2017/18xxx/CVE-2017-18919.json +++ b/2017/18xxx/CVE-2017-18919.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18919", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18919", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18920.json b/2017/18xxx/CVE-2017-18920.json index 390b8873fc4..f67c34face5 100644 --- a/2017/18xxx/CVE-2017-18920.json +++ b/2017/18xxx/CVE-2017-18920.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18920", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18920", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2017/18xxx/CVE-2017-18921.json b/2017/18xxx/CVE-2017-18921.json index 262c2f2d11d..c4eeaca51ce 100644 --- a/2017/18xxx/CVE-2017-18921.json +++ b/2017/18xxx/CVE-2017-18921.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18921", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mattermost.com/security-updates/", + "url": "https://mattermost.com/security-updates/" } ] } diff --git a/2020/10xxx/CVE-2020-10750.json b/2020/10xxx/CVE-2020-10750.json index 1ca0c499b17..dfa783a0f81 100644 --- a/2020/10xxx/CVE-2020-10750.json +++ b/2020/10xxx/CVE-2020-10750.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10750", - "ASSIGNER": "psampaio@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -81,4 +82,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14159.json b/2020/14xxx/CVE-2020-14159.json index a8f8dd2d386..3c91e3ea4d5 100644 --- a/2020/14xxx/CVE-2020-14159.json +++ b/2020/14xxx/CVE-2020-14159.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178." + "value": "By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178." } ] }, diff --git a/2020/9xxx/CVE-2020-9495.json b/2020/9xxx/CVE-2020-9495.json index 2ddd5f8ee7c..ceb99d2d899 100644 --- a/2020/9xxx/CVE-2020-9495.json +++ b/2020/9xxx/CVE-2020-9495.json @@ -48,6 +48,21 @@ "refsource": "MISC", "name": "http://archiva.apache.org/security.html#CVE-2020-9495", "url": "http://archiva.apache.org/security.html#CVE-2020-9495" + }, + { + "refsource": "MLIST", + "name": "[maven-users] 20200619 [SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection", + "url": "https://lists.apache.org/thread.html/r7ae580f700ade57b00641a70a5c639a3ba576893bbf7f9fd93bc491d@%3Cusers.maven.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[archiva-dev] 20200619 [SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection", + "url": "https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188f59450dd8f9b6d@%3Cdev.archiva.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[archiva-users] 20200619 [SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection", + "url": "https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188f59450dd8f9b6d@%3Cusers.archiva.apache.org%3E" } ] },