diff --git a/2019/19xxx/CVE-2019-19605.json b/2019/19xxx/CVE-2019-19605.json
index 21974996b80..d91dc8d56b9 100644
--- a/2019/19xxx/CVE-2019-19605.json
+++ b/2019/19xxx/CVE-2019-19605.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution."
+ "value": "X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution."
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19606.json b/2019/19xxx/CVE-2019-19606.json
index dc77ded751d..85e5d4cfe93 100644
--- a/2019/19xxx/CVE-2019-19606.json
+++ b/2019/19xxx/CVE-2019-19606.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system."
+ "value": "X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system."
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11441.json b/2020/11xxx/CVE-2020-11441.json
index adf409d47ad..23bd5f7e525 100644
--- a/2020/11xxx/CVE-2020-11441.json
+++ b/2020/11xxx/CVE-2020-11441.json
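Review bot: The new wording `before 11.41` in CVE-2019-19605.json moves 11.41 from the affected range to the fixed release, but the hunk starts at line 34 and shows neither the `affects` block nor the references, so nothing visible backs the new boundary. If `version_value` in this record still encodes an "11.41 and earlier" range, it should be changed in the same commit so that structured consumers and the description agree. The identical edit in CVE-2019-19606.json needs the same check.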
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page."
+ "value": "** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states \"I don't see anything specifically exploitable.\""
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5391.json b/2020/5xxx/CVE-2020-5391.json
index dfd4c459c51..a71b8ba28c7 100644
--- a/2020/5xxx/CVE-2020-5391.json
+++ b/2020/5xxx/CVE-2020-5391.json
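Review bot: The vendor quote added to `value` has no visible source: the hunk ends before `references`, so it is not clear that the record links to the statement it quotes. A `reference_data` entry for that statement, e.g. `{"refsource": "MISC", "name": "<vendor statement URL>", "url": "<vendor statement URL>"}` with the real link filled in, would let readers weigh the dispute themselves. Without it, anyone filtering on `** DISPUTED **` is relying on an unattributed quote to deprioritise the reflected-CRLF report.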
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5391",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5391",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/auth0/wp-auth0/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/auth0/wp-auth0/releases"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
+ "url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
+ "url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5392.json b/2020/5xxx/CVE-2020-5392.json
index 7b3fa266960..0b4c09726c0 100644
--- a/2020/5xxx/CVE-2020-5392.json
+++ b/2020/5xxx/CVE-2020-5392.json
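Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all published as `n/a`, although the description names the product, the fixed version and the weakness class. Tooling that matches on the structured fields will therefore not tie this record to the plugin. Consider `"vendor_name": "Auth0"`, a `product_name` matching the plugin's listing, a `version_value` expressing "before 4.0.0", and `"value": "CWE-352"` under `problemtype`. The same placeholders appear in CVE-2020-5392, CVE-2020-6753, CVE-2020-7947 and CVE-2020-7948 in this commit, each of which needs its own weakness class.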
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5392",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5392",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/auth0/wp-auth0/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/auth0/wp-auth0/releases"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
+ "url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
+ "url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6753.json b/2020/6xxx/CVE-2020-6753.json
index b51bccee3a9..6d00c3b6263 100644
--- a/2020/6xxx/CVE-2020-6753.json
+++ b/2020/6xxx/CVE-2020-6753.json
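Review bot: The description calls the product "the Auth0 plugin", while CVE-2020-6753 (which cross-references this record) and CVE-2020-7947/7948 call it "the Login by Auth0 plugin"; one name across the set keeps text searches from missing records. The text also does not say which role can write to the settings page, which decides how serious the stored XSS is. If the advisory confirms that only privileged users can, a clause such as `... via the settings page, by a user who can edit the plugin settings.` would let readers triage it.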
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6753",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6753",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/auth0/wp-auth0/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/auth0/wp-auth0/releases"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
+ "url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
+ "url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7947.json b/2020/7xxx/CVE-2020-7947.json
index cf2bb420877..d93880b70ea 100644
--- a/2020/7xxx/CVE-2020-7947.json
+++ b/2020/7xxx/CVE-2020-7947.json
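Review bot: The phrase "stored XSS on multiple pages, a different issue than CVE-2020-5392" gives a reader nothing to tell the two records apart, and the three `reference_data` entries are the same ones used for CVE-2020-5392. Naming the affected pages or fields in `value`, as the advisory lists them, would make the split between the two IDs verifiable. It would also tell defenders which stored data to review after upgrading to 4.0.0.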
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7947",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7947",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/auth0/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/auth0/#developers"
+ },
+ {
+ "url": "https://auth0.com/docs/cms/wordpress",
+ "refsource": "MISC",
+ "name": "https://auth0.com/docs/cms/wordpress"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
+ "url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
+ "url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7948.json b/2020/7xxx/CVE-2020-7948.json
index 4d7b00be497..ec30356e11e 100644
--- a/2020/7xxx/CVE-2020-7948.json
+++ b/2020/7xxx/CVE-2020-7948.json
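Review bot: The last sentence of `value` does not fit the ones before it: the flaw is described as unsanitized fields in the user-data export, yet the trigger is given as "if a crafted Excel document is uploaded". If the issue is formula content in profile fields being written into the exported file, wording such as `This can lead to (at least) CSV injection when the exported file is opened in a spreadsheet application.` would match; that should be confirmed against the advisory. The two `MISC` references (the plugin listing and the general docs page) do not describe the issue, so the two `CONFIRM` links carry all the evidence.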
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7948",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7948",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/auth0/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/auth0/#developers"
+ },
+ {
+ "url": "https://auth0.com/docs/cms/wordpress",
+ "refsource": "MISC",
+ "name": "https://auth0.com/docs/cms/wordpress"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
+ "url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
+ "url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
 }
 ]
 }
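Review bot: The sentence "A user can perform an insecure direct object reference" does not say which object is reachable, what privilege the user needs, or whether the result is disclosure or modification, so the record cannot be triaged from its text. One more clause taken from the advisory, of the form `..., allowing <role> to <read|modify> <object> belonging to other users`, would cover that. The record's closing brace lies outside the hunk.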