diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json
index 8619648506c..9172c6361e6 100644
--- a/2019/12xxx/CVE-2019-12402.json
+++ b/2019/12xxx/CVE-2019-12402.json
@@ -83,6 +83,11 @@
 "refsource": "MLIST",
 "name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
 "url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265@%3Cissues.flink.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
+ "url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e@%3Cissues.flink.apache.org%3E"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13007.json b/2019/13xxx/CVE-2019-13007.json
new file mode 100644
index 00000000000..2f7cca10600
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13007.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13007",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13009.json b/2019/13xxx/CVE-2019-13009.json
new file mode 100644
index 00000000000..b227344f252
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13009.json
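Review bot: The `affects` block of CVE-2019-13007.json is filled with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is `"n/a"`, although the description itself names GitLab Community and Enterprise Edition 11.11 through 12.0.2 and Uncontrolled Resource Consumption. Scanners and asset inventories that match on the structured fields rather than on free text will not associate this record with GitLab. Where the data is known at publication time, populating the fields, e.g. `"vendor_name": "GitLab"` and `"version_value": "11.11 through 12.0.2"`, makes the record usable by such tooling. The same applies to the other new PUBLIC records in this commit: CVE-2019-13009, CVE-2019-13010, CVE-2019-13011, CVE-2019-13121, CVE-2019-13457 (OTRS) and CVE-2019-15034 (QEMU).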
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13009",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It allows Uncontrolled Resource Consumption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13010.json b/2019/13xxx/CVE-2019-13010.json
new file mode 100644
index 00000000000..48d5af45071
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13010.json
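Review bot: The closing sentence of the description in CVE-2019-13009.json, `It allows Uncontrolled Resource Consumption.`, does not match the issue stated before it, which is unauthorized access to uploaded files caused by improper permission settings. The weakness sentences appear to have been shifted between the sibling records: CVE-2019-13010 describes a resource depletion attack on the color codes decoder but ends with `It has Incorrect Access Control.`, and CVE-2019-13011 describes brute-force enumeration of merge request template names but ends with `It has excessive algorithmic complexity.`. Triage that keys on the weakness class would misclassify all three records, so each closing sentence should be checked against the GitLab security release referenced as CONFIRM and corrected, e.g. `It has Incorrect Access Control.` for CVE-2019-13009.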
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13010",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It has Incorrect Access Control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13011.json b/2019/13xxx/CVE-2019-13011.json
new file mode 100644
index 00000000000..3769499483c
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13011.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13011",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13121.json b/2019/13xxx/CVE-2019-13121.json
new file mode 100644
index 00000000000..e4e900b329c
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13121.json
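Review bot: The description in CVE-2019-13011.json reads `a user with access to a project, but not it's repository could create a list`; `it's` should be the possessive `its`, and the parenthetical needs a closing comma after `repository`. Suggested wording for that sentence: `By using brute-force, a user with access to a project, but not its repository, could create a list of merge requests template names.`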
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13121",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13457.json b/2019/13xxx/CVE-2019-13457.json
new file mode 100644
index 00000000000..e517dbe7267
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13457.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13457",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their \"company\" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.otrs.com/category/release-and-security-notes-en/",
+ "refsource": "MISC",
+ "name": "https://www.otrs.com/category/release-and-security-notes-en/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/",
+ "url": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15034.json b/2019/15xxx/CVE-2019-15034.json
new file mode 100644
index 00000000000..41d64cdfce5
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15034.json
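Review bot: `vectorString` in the `impact.cvss` block of CVE-2019-13457.json lists its metrics in the alphabetical order of the JSON keys (`AC:L/AV:N/A:N/C:L/...`) rather than in the order the CVSS v3.0 specification prefers. Other orderings are tolerated by the specification, but consumers that parse vectors with a fixed-position pattern may reject or misread this one; `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"` carries the same metric values in the conventional order. The block also has no `baseScore` or `baseSeverity`, so downstream tools have to derive the score from the vector themselves.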
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15034",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10255.json b/2020/10xxx/CVE-2020-10255.json
index ac2822cc471..a298cb82c5b 100644
--- a/2020/10xxx/CVE-2020-10255.json
+++ b/2020/10xxx/CVE-2020-10255.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "https://twitter.com/vu5ec/status/1237399112590467072",
 "url": "https://twitter.com/vu5ec/status/1237399112590467072"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://twitter.com/antumbral/status/1237425959407513600",
+ "url": "https://twitter.com/antumbral/status/1237425959407513600"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10365.json b/2020/10xxx/CVE-2020-10365.json
new file mode 100644
index 00000000000..82dc0ed01e3
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10365.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10365",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10366.json b/2020/10xxx/CVE-2020-10366.json
new file mode 100644
index 00000000000..d06bb2583d5
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10366.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10366",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10367.json b/2020/10xxx/CVE-2020-10367.json
new file mode 100644
index 00000000000..44cedad5a7b
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10367.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10367",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10368.json b/2020/10xxx/CVE-2020-10368.json
new file mode 100644
index 00000000000..3daa2ae7407
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10368.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10368",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10369.json b/2020/10xxx/CVE-2020-10369.json
new file mode 100644
index 00000000000..9f6002985b2
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10369.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10369",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10370.json b/2020/10xxx/CVE-2020-10370.json
new file mode 100644
index 00000000000..56a2dcc238a
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10370.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10370",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5258.json b/2020/5xxx/CVE-2020-5258.json
index 84948d6df9e..3f8b90c2cd7 100644
--- a/2020/5xxx/CVE-2020-5258.json
+++ b/2020/5xxx/CVE-2020-5258.json
@@ -47,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution.\n\nPrototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects.\nAn attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. \n\nThis has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2"
+ "value": "In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2"
 }
 ]
 },
@@ -97,4 +97,4 @@
 "advisory": "GHSA-jxfh-8wgv-vfr2",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5259.json b/2020/5xxx/CVE-2020-5259.json
index 3815da9ee6b..77ac9b5ec7d 100644
--- a/2020/5xxx/CVE-2020-5259.json
+++ b/2020/5xxx/CVE-2020-5259.json
@@ -50,7 +50,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution.\n\nPrototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects.\nAn attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.\n\nThis has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2"
+ "value": "In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2"
 }
 ]
 },
@@ -100,4 +100,4 @@
 "advisory": "GHSA-3hw5-q855-g6cw",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file