From a66648b0ae2fbf4b8e9274dc5b24b1dd5806cb75 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Thu, 9 Jul 2020 14:59:46 -0400 Subject: [PATCH 01/41] IBM20200709-145946 Added CVE-2020-4173, CVE-2020-4305 --- 2020/4xxx/CVE-2020-4173.json | 105 +++++++++++++++++++++++++++++----- 2020/4xxx/CVE-2020-4305.json | 108 ++++++++++++++++++++++++++++++----- 2 files changed, 183 insertions(+), 30 deletions(-) diff --git a/2020/4xxx/CVE-2020-4173.json b/2020/4xxx/CVE-2020-4173.json index 431aa9ddedb..0072316fbbf 100644 --- a/2020/4xxx/CVE-2020-4173.json +++ b/2020/4xxx/CVE-2020-4173.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "UI" : "R", + "SCORE" : "3.100", + "C" : "L", + "A" : "N", + "AC" : "H", + "AV" : "N", + "I" : "N", + "S" : "U" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "InfoSphere Guardium Activity Monitor", + "version" : { + "version_data" : [ + { + "version_value" : "10.6" + }, + { + "version_value" : "11.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6244924", + "url" : "https://www.ibm.com/support/pages/node/6244924", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6244924 (InfoSphere Guardium Activity Monitor)" + }, + { + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174682", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-guardium-cve20204173-info-disc (174682)" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "CVE_data_meta" : { + "ID" : "CVE-2020-4173", + "DATE_PUBLIC" : "2020-07-08T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "data_version" : "4.0" +} diff --git a/2020/4xxx/CVE-2020-4305.json b/2020/4xxx/CVE-2020-4305.json index 63f769875e2..75a800bf3fa 100644 --- a/2020/4xxx/CVE-2020-4305.json +++ b/2020/4xxx/CVE-2020-4305.json 
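Review bot: The added `description` names the product as "IBM Guardium Activity Insights 10.6 and 11.0", while `product_name` under `affects` and the CONFIRM reference title both say "InfoSphere Guardium Activity Monitor". Scanners and asset inventories that match on `affects` will key on a different name from the one analysts read, so one of the two should be corrected against bulletin 6244924. The `problemtype` value "Obtain Information" is free text. The described weakness is a session cookie sent without the Secure attribute, so `"value" : "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"` would let consumers classify it.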
@@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2020-07-08T00:00:00", + "ID" : "CVE-2020-4305", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6244664", + "title" : "IBM Security Bulletin 6244664 (InfoSphere Information Server)", + "url" : "https://www.ibm.com/support/pages/node/6244664", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-infosphere-cve20204305-code-exec (176677)" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AC" : "H", + "AV" : "N", + "I" : "H", + "S" : "U", + "SCORE" : "8.100", + "PR" : "N", + "UI" : "N", + "A" : "H", + "C" : "H" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "InfoSphere Information Server", + "version" : { + "version_data" : [ + { + "version_value" : "11.3" + }, + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677." + } + ] + }, + "data_type" : "CVE" +} From 560f3499a1870066fd0ddc474e34821b0f9fb906 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 9 Jul 2020 19:01:32 +0000 Subject: [PATCH 02/41] "-Synchronized-Data." --- 2020/14xxx/CVE-2020-14944.json | 5 +++ 2020/15xxx/CVE-2020-15001.json | 59 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15046.json | 5 +++ 2020/15xxx/CVE-2020-15092.json | 2 +- 2020/15xxx/CVE-2020-15093.json | 2 +- 2020/15xxx/CVE-2020-15299.json | 56 ++++++++++++++++++++++++++++---- 6 files changed, 115 insertions(+), 14 deletions(-) diff --git a/2020/14xxx/CVE-2020-14944.json b/2020/14xxx/CVE-2020-14944.json index 559120522e7..280d2eb73ed 100644 --- a/2020/14xxx/CVE-2020-14944.json +++ b/2020/14xxx/CVE-2020-14944.json 
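Review bot: `"UI" : "N"` in the `BM` block conflicts with the added description, which says exploitation works "By persuading a victim to visit a specially crafted Web site"; that wording describes required user interaction. Either the metric should be `"UI" : "R"` with `SCORE` recomputed, or the description should be corrected, whichever matches bulletin 6244664. The `problemtype` value "Gain Privileges" also does not name the weakness the description gives. `"value" : "CWE-502: Deserialization of Untrusted Data"` would be more precise for triage and detection mapping.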
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md", "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html" } ] } diff --git a/2020/15xxx/CVE-2020-15001.json b/2020/15xxx/CVE-2020-15001.json index feb19a4bda9..4db500d9c80 100644 --- a/2020/15xxx/CVE-2020-15001.json +++ b/2020/15xxx/CVE-2020-15001.json 
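Review bot: The reference added in this hunk is titled as a Cross-Site Request Forgery advisory, while the existing reference in the context lines names "Access Control Vulnerabilities". The record's description is outside this hunk, so it is worth confirming that Packet Storm file 158372 belongs to CVE-2020-14944 and not to a sibling ID. The URL is also recorded with the `http://` scheme, as is the Packet Storm reference added in the CVE-2020-15046.json hunk. If the site serves the same path over TLS, `"url": "https://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html"` keeps readers of the advisory off a cleartext connection.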
@@ -1,18 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15001", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15001", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.)" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.yubico.com/support/security-advisories/ysa-2020-04/", + "url": "https://www.yubico.com/support/security-advisories/ysa-2020-04/" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file 
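Review bot: Every field under `affects` is set to "n/a" although the added description names the vendor, product and version ranges (Yubico YubiKey 5 NFC, 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1), so tooling that matches on `vendor_name` or `product_name` will not associate this record with the device. Suggest `"vendor_name": "Yubico"` and `"product_name": "YubiKey 5 NFC"`, with the two ranges as separate `version_data` entries, and a `problemtype` value that states the missing access-code check instead of "n/a". The CVE-2020-15299.json hunk in this commit has the same gap: its description names the KingComposer plugin through 2.9.4 for WordPress and a reflected XSS, but `affects` and `problemtype` are all "n/a".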
diff --git a/2020/15xxx/CVE-2020-15046.json b/2020/15xxx/CVE-2020-15046.json index 0906af59657..79b1f22df10 100644 --- a/2020/15xxx/CVE-2020-15046.json +++ b/2020/15xxx/CVE-2020-15046.json @@ -56,6 +56,11 @@ "url": "https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forgery", "refsource": "MISC", "name": "https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forgery" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158373/SuperMicro-IPMI-03.40-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/158373/SuperMicro-IPMI-03.40-Cross-Site-Request-Forgery.html" } ] } diff --git a/2020/15xxx/CVE-2020-15092.json b/2020/15xxx/CVE-2020-15092.json index 37e6e76ce40..3f609c613de 100644 --- a/2020/15xxx/CVE-2020-15092.json +++ b/2020/15xxx/CVE-2020-15092.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file.\n\nMost TimelineJS users configure their timeline with a Google Sheets document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if they grant public write access to the document.\n\nSome TimelineJS users configure their timeline with a JSON document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if write access to the system hosting that document is otherwise compromised.\n\nVersion 3.7.0 of TimelineJS addresses this in two ways. For content which is intended to support limited HTML markup for styling and linking, that content is \"sanitized\" before being added to the DOM.\nFor content intended for simple text display, all markup is stripped.\n\nVery few users of TimelineJS actually install the TimelineJS code on their server. Most users publish a timeline using a URL hosted on systems we control. The fix for this issue is published to our system such that **those users will automatically begin using the new code**. The only exception would be users who have deliberately edited the embed URL to \"pin\" their timeline to an earlier version of the code.\n\nSome users of TimelineJS use it as a part of a wordpress plugin (knight-lab-timelinejs). Version 3.7.0.0 of that plugin and newer integrate the updated code. Users are encouraged to update the plugin rather than manually update the embedded version of TimelineJS." 
+ "value": "In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most TimelineJS users configure their timeline with a Google Sheets document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if they grant public write access to the document. Some TimelineJS users configure their timeline with a JSON document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if write access to the system hosting that document is otherwise compromised. Version 3.7.0 of TimelineJS addresses this in two ways. For content which is intended to support limited HTML markup for styling and linking, that content is \"sanitized\" before being added to the DOM. For content intended for simple text display, all markup is stripped. Very few users of TimelineJS actually install the TimelineJS code on their server. Most users publish a timeline using a URL hosted on systems we control. The fix for this issue is published to our system such that **those users will automatically begin using the new code**. The only exception would be users who have deliberately edited the embed URL to \"pin\" their timeline to an earlier version of the code. Some users of TimelineJS use it as a part of a wordpress plugin (knight-lab-timelinejs). Version 3.7.0.0 of that plugin and newer integrate the updated code. Users are encouraged to update the plugin rather than manually update the embedded version of TimelineJS." } ] }, diff --git a/2020/15xxx/CVE-2020-15093.json b/2020/15xxx/CVE-2020-15093.json index b70fbf58dd5..d0282e4d98c 100644 
--- a/2020/15xxx/CVE-2020-15093.json +++ b/2020/15xxx/CVE-2020-15093.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid.\n\nA fix is available in version 0.7.1.\n \nCVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation." + "value": "The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation." } ] }, diff --git a/2020/15xxx/CVE-2020-15299.json b/2020/15xxx/CVE-2020-15299.json index 53cd20b19d6..a51dc5ea30e 100644 --- a/2020/15xxx/CVE-2020-15299.json +++ b/2020/15xxx/CVE-2020-15299.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15299", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15299", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/07/xss-flaw-impacting-100000-sites-patched-in-kingcomposer/", + "url": "https://www.wordfence.com/blog/2020/07/xss-flaw-impacting-100000-sites-patched-in-kingcomposer/" } ] } From 9f34d71694d3e02ed696d6905226447e683c65ca Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 9 Jul 2020 20:01:38 +0000 Subject: [PATCH 03/41] "-Synchronized-Data." --- 2017/12xxx/CVE-2017-12133.json | 5 + 2017/18xxx/CVE-2017-18269.json | 5 + 2018/11xxx/CVE-2018-11236.json | 5 + 2018/11xxx/CVE-2018-11237.json | 5 + 2018/19xxx/CVE-2018-19591.json | 5 + 2018/6xxx/CVE-2018-6485.json | 5 + 2019/17xxx/CVE-2019-17543.json | 5 + 2019/19xxx/CVE-2019-19126.json | 5 + 2019/9xxx/CVE-2019-9169.json | 5 + 2020/10xxx/CVE-2020-10029.json | 5 + 2020/1xxx/CVE-2020-1751.json | 5 + 2020/1xxx/CVE-2020-1752.json | 5 + 2020/4xxx/CVE-2020-4173.json | 180 +++++++++++++++---------------- 2020/4xxx/CVE-2020-4305.json | 186 ++++++++++++++++----------------- 14 files changed, 243 insertions(+), 183 deletions(-) diff --git a/2017/12xxx/CVE-2017-12133.json b/2017/12xxx/CVE-2017-12133.json index c8e947f2d4e..b9832ebf3ff 100644 --- a/2017/12xxx/CVE-2017-12133.json +++ b/2017/12xxx/CVE-2017-12133.json @@ -71,6 +71,11 @@ "name": "FEDORA-2017-270ab2baa3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYZL6PAKI73XYRJYL5VLDGA4FFGWMB7A/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2017/18xxx/CVE-2017-18269.json b/2017/18xxx/CVE-2017-18269.json index 44b1ec52280..8f389f21d35 100644 --- a/2017/18xxx/CVE-2017-18269.json +++ b/2017/18xxx/CVE-2017-18269.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190401-0001/", "url": "https://security.netapp.com/advisory/ntap-20190401-0001/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2018/11xxx/CVE-2018-11236.json b/2018/11xxx/CVE-2018-11236.json index 0fe5626eaf7..8987c904c2f 100644 --- a/2018/11xxx/CVE-2018-11236.json +++ b/2018/11xxx/CVE-2018-11236.json 
@@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHBA-2019:0327", "url": "https://access.redhat.com/errata/RHBA-2019:0327" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2018/11xxx/CVE-2018-11237.json b/2018/11xxx/CVE-2018-11237.json index 20afb14b09c..519a638e9fc 100644 --- a/2018/11xxx/CVE-2018-11237.json +++ b/2018/11xxx/CVE-2018-11237.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHBA-2019:0327", "url": "https://access.redhat.com/errata/RHBA-2019:0327" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2018/19xxx/CVE-2018-19591.json b/2018/19xxx/CVE-2018-19591.json index 8c133895559..05fa679cb1b 100644 --- a/2018/19xxx/CVE-2018-19591.json +++ b/2018/19xxx/CVE-2018-19591.json @@ -101,6 +101,11 @@ "refsource": "GENTOO", "name": "GLSA-201908-06", "url": "https://security.gentoo.org/glsa/201908-06" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2018/6xxx/CVE-2018-6485.json b/2018/6xxx/CVE-2018-6485.json index 7c857fc99f5..3372bcb1598 100644 --- a/2018/6xxx/CVE-2018-6485.json +++ b/2018/6xxx/CVE-2018-6485.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4218-1", "url": "https://usn.ubuntu.com/4218-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2019/17xxx/CVE-2019-17543.json b/2019/17xxx/CVE-2019-17543.json index 456fe7dc0c6..41e9c652f2d 100644 --- a/2019/17xxx/CVE-2019-17543.json +++ b/2019/17xxx/CVE-2019-17543.json 
@@ -126,6 +126,11 @@ "refsource": "MISC", "name": "https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26@%3Cissues.kudu.apache.org%3E", "url": "https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26@%3Cissues.kudu.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kudu-issues] 20200709 [jira] [Resolved] (KUDU-3156) Whether the CVE-2019-17543 vulnerability of lz affects kudu", + "url": "https://lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720@%3Cissues.kudu.apache.org%3E" } ] } diff --git a/2019/19xxx/CVE-2019-19126.json b/2019/19xxx/CVE-2019-19126.json index 13ec6b12d41..86dd2a7a1c2 100644 --- a/2019/19xxx/CVE-2019-19126.json +++ b/2019/19xxx/CVE-2019-19126.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-c32e4b271c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2019/9xxx/CVE-2019-9169.json b/2019/9xxx/CVE-2019-9169.json index 1b32c55191f..9ca834291a3 100644 --- a/2019/9xxx/CVE-2019-9169.json +++ b/2019/9xxx/CVE-2019-9169.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-202006-04", "url": "https://security.gentoo.org/glsa/202006-04" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } diff --git a/2020/10xxx/CVE-2020-10029.json b/2020/10xxx/CVE-2020-10029.json index 6195f421b6b..af520bdd9f6 100644 --- a/2020/10xxx/CVE-2020-10029.json +++ b/2020/10xxx/CVE-2020-10029.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-202006-04", "url": "https://security.gentoo.org/glsa/202006-04" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] } 
diff --git a/2020/1xxx/CVE-2020-1751.json b/2020/1xxx/CVE-2020-1751.json index 23abd741290..1506f80b531 100644 --- a/2020/1xxx/CVE-2020-1751.json +++ b/2020/1xxx/CVE-2020-1751.json @@ -63,6 +63,11 @@ "refsource": "GENTOO", "name": "GLSA-202006-04", "url": "https://security.gentoo.org/glsa/202006-04" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] }, diff --git a/2020/1xxx/CVE-2020-1752.json b/2020/1xxx/CVE-2020-1752.json index 362e5bfb858..197ea3834ef 100644 --- a/2020/1xxx/CVE-2020-1752.json +++ b/2020/1xxx/CVE-2020-1752.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200511-0005/", "url": "https://security.netapp.com/advisory/ntap-20200511-0005/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4416-1", + "url": "https://usn.ubuntu.com/4416-1/" } ] }, diff --git a/2020/4xxx/CVE-2020-4173.json b/2020/4xxx/CVE-2020-4173.json index 0072316fbbf..664a2cb6482 100644 --- a/2020/4xxx/CVE-2020-4173.json +++ b/2020/4xxx/CVE-2020-4173.json 
@@ -1,93 +1,93 @@ { - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "UI" : "R", - "SCORE" : "3.100", - "C" : "L", - "A" : "N", - "AC" : "H", - "AV" : "N", - "I" : "N", - "S" : "U" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Guardium Activity Monitor", - "version" : { - "version_data" : [ - { - "version_value" : "10.6" - }, - { - "version_value" : "11.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "UI": "R", + "SCORE": "3.100", + "C": "L", + "A": "N", + "AC": "H", + "AV": "N", + "I": "N", + "S": "U" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6244924", - "url" : "https://www.ibm.com/support/pages/node/6244924", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6244924 (InfoSphere Guardium Activity Monitor)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174682", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-guardium-cve20204173-info-disc (174682)" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "description": { + 
"description_data": [ + { + "value": "IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Guardium Activity Monitor", + "version": { + "version_data": [ + { + "version_value": "10.6" + }, + { + "version_value": "11.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2020-4173", - "DATE_PUBLIC" : "2020-07-08T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_version" : "4.0" -} + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6244924", + "url": "https://www.ibm.com/support/pages/node/6244924", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6244924 (InfoSphere Guardium Activity Monitor)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174682", + "title": "X-Force Vulnerability Report", + "name": "ibm-guardium-cve20204173-info-disc (174682)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-4173", + "DATE_PUBLIC": "2020-07-08T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4305.json b/2020/4xxx/CVE-2020-4305.json index 75a800bf3fa..987ce567874 100644 --- a/2020/4xxx/CVE-2020-4305.json 
+++ b/2020/4xxx/CVE-2020-4305.json 
@@ -1,96 +1,96 @@ { - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-07-08T00:00:00", - "ID" : "CVE-2020-4305", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6244664", - "title" : "IBM Security Bulletin 6244664 (InfoSphere Information Server)", - "url" : "https://www.ibm.com/support/pages/node/6244664", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-infosphere-cve20204305-code-exec (176677)" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "H", - "AV" : "N", - "I" : "H", - "S" : "U", - "SCORE" : "8.100", - "PR" : "N", - "UI" : "N", - "A" : "H", - "C" : "H" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-07-08T00:00:00", + "ID": "CVE-2020-4305", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - }, - { - "version_value" : "11.5" - }, - { - "version_value" : "11.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of 
untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677." - } - ] - }, - "data_type" : "CVE" -} + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6244664", + "title": "IBM Security Bulletin 6244664 (InfoSphere Information Server)", + "url": "https://www.ibm.com/support/pages/node/6244664", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176677", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-infosphere-cve20204305-code-exec (176677)" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "H", + "AV": "N", + "I": "H", + "S": "U", + "SCORE": "8.100", + "PR": "N", + "UI": "N", + "A": "H", + "C": "H" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.3" + }, + { + "version_value": "11.5" + }, + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677." + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file From 991642a504caa780e7fd0ab698cb61853d98fd6a Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 9 Jul 2020 21:01:25 +0000 Subject: [PATCH 04/41] "-Synchronized-Data." --- 2014/9xxx/CVE-2014-9862.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2014/9xxx/CVE-2014-9862.json b/2014/9xxx/CVE-2014-9862.json index 7a5d02f6079..199f5996550 100644 --- a/2014/9xxx/CVE-2014-9862.json +++ b/2014/9xxx/CVE-2014-9862.json @@ -106,6 +106,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-44", "url": "https://security.gentoo.org/glsa/202003-44" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200709 X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch", + "url": "http://www.openwall.com/lists/oss-security/2020/07/09/2" } ] } From 40e6d4a25ba838a1c744e80c890e2014a5713f79 Mon Sep 17 00:00:00 2001 From: Ikuya Fukumoto Date: Fri, 10 Jul 2020 10:23:54 +0900 Subject: [PATCH 05/41] JPCERT/CC 2020-07-10-10-23 --- 2020/5xxx/CVE-2020-5607.json | 59 ++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 3 deletions(-) diff --git a/2020/5xxx/CVE-2020-5607.json b/2020/5xxx/CVE-2020-5607.json index 3a5ca094099..6930b40a3b3 100644 --- a/2020/5xxx/CVE-2020-5607.json +++ b/2020/5xxx/CVE-2020-5607.json 
@@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SHIRASAGI Project", + "product": { + "product_data": [ + { + "product_name": "SHIRASAGI", + "version": { + "version_data": [ + { + "version_value": "v1.13.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ss-proj.org/" + }, + { + "url": "https://github.com/shirasagi/shirasagi" + }, + { + "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a" + }, + { + "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch" + }, + { + "url": "https://jvn.jp/en/jp/JVN55657988/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." } ] } From e9cb933854ab332a5022f5afab7767ba190d0890 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 02:01:34 +0000 Subject: [PATCH 06/41] "-Synchronized-Data." --- 2020/5xxx/CVE-2020-5607.json | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/2020/5xxx/CVE-2020-5607.json b/2020/5xxx/CVE-2020-5607.json index 6930b40a3b3..33530596224 100644 --- a/2020/5xxx/CVE-2020-5607.json +++ b/2020/5xxx/CVE-2020-5607.json 
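Review bot: The new `CVE_data_meta` removes `"STATE": "RESERVED"` without putting a state back, so this revision publishes a full description with no `STATE` field; add `"STATE": "PUBLIC"` next to the new `ASSIGNER`. The five `reference_data` entries carry only `url`, while the other records on this page give each reference a `refsource` and `name` as well, e.g. `"refsource": "MISC", "name": "https://jvn.jp/en/jp/JVN55657988/index.html"`. Consumers that filter on state or index references by `name` may skip or mis-file the entry in this form. The top-level object opens above the hunk.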
@@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5607", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,19 +45,29 @@ "references": { "reference_data": [ { - "url": "https://www.ss-proj.org/" + "url": "https://www.ss-proj.org/", + "refsource": "MISC", + "name": "https://www.ss-proj.org/" }, { - "url": "https://github.com/shirasagi/shirasagi" + "url": "https://github.com/shirasagi/shirasagi", + "refsource": "MISC", + "name": "https://github.com/shirasagi/shirasagi" }, { - "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a" + "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a", + "refsource": "MISC", + "name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a" }, { - "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch" + "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch", + "refsource": "MISC", + "name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch" }, { - "url": "https://jvn.jp/en/jp/JVN55657988/index.html" + "url": "https://jvn.jp/en/jp/JVN55657988/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN55657988/index.html" } ] }, From 4004984878709b7049407627b7429e324ba64771 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 03:01:26 +0000 Subject: [PATCH 07/41] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18348.json | 5 +++++ 2020/10xxx/CVE-2020-10177.json | 5 +++++ 2020/10xxx/CVE-2020-10378.json | 5 +++++ 2020/10xxx/CVE-2020-10379.json | 5 +++++ 2020/10xxx/CVE-2020-10994.json | 5 +++++ 2020/11xxx/CVE-2020-11538.json | 5 +++++ 2020/15xxx/CVE-2020-15503.json | 5 +++++ 2020/8xxx/CVE-2020-8492.json | 5 +++++ 8 files changed, 40 insertions(+) 
diff --git a/2019/18xxx/CVE-2019-18348.json b/2019/18xxx/CVE-2019-18348.json index a37fe48bfe1..951ca4a7035 100644 --- a/2019/18xxx/CVE-2019-18348.json +++ b/2019/18xxx/CVE-2019-18348.json @@ -101,6 +101,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-8bdd3fd7a4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ea5bdbcc90", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/" } ] } diff --git a/2020/10xxx/CVE-2020-10177.json b/2020/10xxx/CVE-2020-10177.json index e81298abb7b..bf054470e25 100644 --- a/2020/10xxx/CVE-2020-10177.json +++ b/2020/10xxx/CVE-2020-10177.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-c52106e48a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0737711b6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" } ] } diff --git a/2020/10xxx/CVE-2020-10378.json b/2020/10xxx/CVE-2020-10378.json index 4497a6a211a..37f0ef69be3 100644 --- a/2020/10xxx/CVE-2020-10378.json +++ b/2020/10xxx/CVE-2020-10378.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-c52106e48a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0737711b6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" } ] } diff --git a/2020/10xxx/CVE-2020-10379.json b/2020/10xxx/CVE-2020-10379.json index 4143701e4dd..1a020e84d26 100644 
--- a/2020/10xxx/CVE-2020-10379.json +++ b/2020/10xxx/CVE-2020-10379.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html", "url": "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0737711b6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" } ] } diff --git a/2020/10xxx/CVE-2020-10994.json b/2020/10xxx/CVE-2020-10994.json index 9628c0c520a..b85b3cbd7d4 100644 --- a/2020/10xxx/CVE-2020-10994.json +++ b/2020/10xxx/CVE-2020-10994.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-c52106e48a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0737711b6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" } ] } diff --git a/2020/11xxx/CVE-2020-11538.json b/2020/11xxx/CVE-2020-11538.json index 4192ae46668..8681b61a96f 100644 --- a/2020/11xxx/CVE-2020-11538.json +++ b/2020/11xxx/CVE-2020-11538.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-c52106e48a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0737711b6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" } ] } diff --git a/2020/15xxx/CVE-2020-15503.json b/2020/15xxx/CVE-2020-15503.json index 62681b0cff5..11a23809183 100644 --- a/2020/15xxx/CVE-2020-15503.json +++ b/2020/15xxx/CVE-2020-15503.json 
@@ -66,6 +66,11 @@ "url": "https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d", "refsource": "MISC", "name": "https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f421eea477", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/" } ] } diff --git a/2020/8xxx/CVE-2020-8492.json b/2020/8xxx/CVE-2020-8492.json index b1e4f773eca..16b54a0a52c 100644 --- a/2020/8xxx/CVE-2020-8492.json +++ b/2020/8xxx/CVE-2020-8492.json @@ -106,6 +106,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-8bdd3fd7a4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ea5bdbcc90", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/" } ] } From f22b4165f844b648540171f521527f7b90911531 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 08:01:21 +0000 Subject: [PATCH 08/41] "-Synchronized-Data." --- 2014/9xxx/CVE-2014-9862.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2014/9xxx/CVE-2014-9862.json b/2014/9xxx/CVE-2014-9862.json index 199f5996550..bc11aed8177 100644 --- a/2014/9xxx/CVE-2014-9862.json +++ b/2014/9xxx/CVE-2014-9862.json @@ -111,6 +111,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200709 X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch", "url": "http://www.openwall.com/lists/oss-security/2020/07/09/2" + }, + { + "refsource": "FULLDISC", + "name": "20200709 X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch", + "url": "http://seclists.org/fulldisclosure/2020/Jul/8" } ] } From 289972ceb5308d26e2034d9883f99b1f3daabde7 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 10 Jul 2020 13:01:22 +0000 Subject: [PATCH 09/41] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7814.json | 82 +++++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/2020/7xxx/CVE-2020-7814.json b/2020/7xxx/CVE-2020-7814.json index 7d4e1bac08f..ad3b0023274 100644 --- a/2020/7xxx/CVE-2020-7814.json +++ b/2020/7xxx/CVE-2020-7814.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2020-07-03T06:28:00.000Z", "ID": "CVE-2020-7814", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RAON KUpload", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<", + "version_name": "2018.0.2.50", + "version_value": "2018.0.2.51" + } + ] + } + } + ] + }, + "vendor_name": "RAONWIZ" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File download & execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35495", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35495" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file From 0d61b31e9a15514d906f0ddcbf68d016a9de3469 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 14:01:25 +0000 Subject: [PATCH 10/41] "-Synchronized-Data." --- 2020/3xxx/CVE-2020-3974.json | 50 +++++++++++++++++++-- 2020/7xxx/CVE-2020-7815.json | 87 +++++++++++++++++++++++++++++++++--- 2020/9xxx/CVE-2020-9258.json | 50 +++++++++++++++++++-- 2020/9xxx/CVE-2020-9260.json | 53 ++++++++++++++++++++-- 4 files changed, 225 insertions(+), 15 deletions(-) diff --git a/2020/3xxx/CVE-2020-3974.json b/2020/3xxx/CVE-2020-3974.json index 64cde77dbf3..171b60e7893 100644 --- a/2020/3xxx/CVE-2020-3974.json +++ b/2020/3xxx/CVE-2020-3974.json 
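Review bot: The new `description` value for CVE-2020-7814 still carries unfilled generator template text (`____COMPONENT____`, `____ATTACKER/ATTACK____`, `____IMPACT____`) appended to the hand-written sentence, so the published record states the flaw twice, once as a blank form; the CVE-2020-7815 hunk has the same leftover. Drop the template sentence and keep a single statement, with the spelling corrected (`eariler`, `excuted`, `witch`, `remote-code-excution`). The text also describes remote download and execution, while the `cvss` block sets `"attackVector": "LOCAL"` (`AV:L`). That may be a deliberate choice given `"userInteraction": "REQUIRED"`, but as written the two disagree and triage based on the vector alone would under-rate network exposure, so either the description should explain the local vector or the vector and `baseScore` should be re-derived.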
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac", + "version": { + "version_data": [ + { + "version_value": "VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2020-0017.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2020-0017.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed." } ] } diff --git a/2020/7xxx/CVE-2020-7815.json b/2020/7xxx/CVE-2020-7815.json index 3f951c7d79f..ca5dbb470cc 100644 --- a/2020/7xxx/CVE-2020-7815.json +++ b/2020/7xxx/CVE-2020-7815.json 
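Review bot: `vendor_name` is `"n/a"` and the only `version_value` is a prose sentence covering three products, so nothing under `affects` can be matched by tooling against an installed product or version; the CVE-2020-9258 and CVE-2020-9260 hunks have the same `"vendor_name": "n/a"` with free-text `version_value`. For this record the vendor is evident from the assigner and product names, and the upper bounds are already in the text, so the block can be split into one entry per product using the `version_affected`/`version_value` form that the CVE-2020-7814 record on this page uses. The lower bounds ("11.x and prior", "5.x and prior") are left out of the sketch below and would need confirming against the advisory. The top-level object opens above the hunk.
```json
"vendor_name": "VMware",
"product": {
    "product_data": [
        {
            "product_name": "VMware Fusion",
            "version": {
                "version_data": [
                    { "version_affected": "<", "version_value": "11.5.5" }
                ]
            }
        },
        {
            "product_name": "VMware Remote Console for Mac",
            "version": {
                "version_data": [
                    { "version_affected": "<", "version_value": "11.2.0" }
                ]
            }
        },
        {
            "product_name": "Horizon Client for Mac",
            "version": {
                "version_data": [
                    { "version_affected": "<", "version_value": "5.4.3" }
                ]
            }
        }
    ]
}
```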
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2020-07-03T06:28:00.000Z", "ID": "CVE-2020-7815", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XPLATFORM", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<", + "version_name": "9.2.250", + "version_value": "9.2.260" + } + ] + } + } + ] + }, + "vendor_name": "TOBESOFT" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File download" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "http://support.tobesoft.co.kr/Support/index.html", + "name": "http://support.tobesoft.co.kr/Support/index.html" + }, + { + "refsource": "MISC", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35496", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35496" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9258.json b/2020/9xxx/CVE-2020-9258.json index f69083a6e50..2d136db5078 100644 --- a/2020/9xxx/CVE-2020-9258.json +++ b/2020/9xxx/CVE-2020-9258.json 
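Review bot: The description for CVE-2020-7815 opens with `XPLATFORM v9.2.260 and eariler versions contain a vulnerability`, but `version_data` (`"version_affected": "<"`, `"version_value": "9.2.260"`) and the closing sentence of the same description both say versions prior to 9.2.260, which would make 9.2.260 the fixed release. A reader deciding whether 9.2.260 still needs patching cannot tell which statement is right. If 9.2.260 is the fix, the opening should read `XPLATFORM versions prior to 9.2.260 contain a vulnerability ...`; if it is still affected, the `version_value` bound needs to move instead.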
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9258", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI P30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.135(C00E135R2P11)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Verification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200708-02-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200708-02-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak." } ] } diff --git a/2020/9xxx/CVE-2020-9260.json b/2020/9xxx/CVE-2020-9260.json index cfb0f9683e0..2936e6c5dc5 100644 --- a/2020/9xxx/CVE-2020-9260.json +++ b/2020/9xxx/CVE-2020-9260.json 
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI P30;HUAWEI P30 Pro", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.123(C432E22R2P5)" + }, + { + "version_value": "Versions earlier than 10.1.0.160(C00E160R2P8)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200708-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200708-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure." } ] } From 9716e338f8700dd4ccab28f32304487d524d05a8 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 10 Jul 2020 15:01:25 +0000 Subject: [PATCH 11/41] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6473.json | 14 +++++++------- 2012/6xxx/CVE-2012-6474.json | 14 +++++++------- 2012/6xxx/CVE-2012-6475.json | 14 +++++++------- 2012/6xxx/CVE-2012-6476.json | 14 +++++++------- 2012/6xxx/CVE-2012-6477.json | 14 +++++++------- 2012/6xxx/CVE-2012-6478.json | 14 +++++++------- 2012/6xxx/CVE-2012-6479.json | 14 +++++++------- 2012/6xxx/CVE-2012-6480.json | 14 +++++++------- 2012/6xxx/CVE-2012-6481.json | 14 +++++++------- 2012/6xxx/CVE-2012-6482.json | 14 +++++++------- 2012/6xxx/CVE-2012-6483.json | 14 +++++++------- 2012/6xxx/CVE-2012-6484.json | 14 +++++++------- 2012/6xxx/CVE-2012-6485.json | 14 +++++++------- 2012/6xxx/CVE-2012-6486.json | 14 +++++++------- 2012/6xxx/CVE-2012-6487.json | 14 +++++++------- 2012/6xxx/CVE-2012-6488.json | 14 +++++++------- 2012/6xxx/CVE-2012-6489.json | 14 +++++++------- 2012/6xxx/CVE-2012-6490.json | 14 +++++++------- 2012/6xxx/CVE-2012-6491.json | 14 +++++++------- 2012/6xxx/CVE-2012-6492.json | 14 +++++++------- 2013/0xxx/CVE-2013-0802.json | 14 +++++++------- 2013/1xxx/CVE-2013-1703.json | 14 +++++++------- 2017/5xxx/CVE-2017-5226.json | 5 +++++ 2020/12xxx/CVE-2020-12497.json | 5 +++++ 2020/12xxx/CVE-2020-12498.json | 5 +++++ 2020/9xxx/CVE-2020-9802.json | 5 +++++ 2020/9xxx/CVE-2020-9803.json | 5 +++++ 2020/9xxx/CVE-2020-9805.json | 5 +++++ 2020/9xxx/CVE-2020-9806.json | 5 +++++ 2020/9xxx/CVE-2020-9807.json | 5 +++++ 2020/9xxx/CVE-2020-9843.json | 5 +++++ 2020/9xxx/CVE-2020-9850.json | 5 +++++ 32 files changed, 204 insertions(+), 154 deletions(-) diff --git a/2012/6xxx/CVE-2012-6473.json b/2012/6xxx/CVE-2012-6473.json index 5e0be18934e..87c30fb0cd7 100644 --- a/2012/6xxx/CVE-2012-6473.json +++ b/2012/6xxx/CVE-2012-6473.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6473", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6473", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6474.json b/2012/6xxx/CVE-2012-6474.json index f5f59170abe..73ccd8ccfca 100644 --- a/2012/6xxx/CVE-2012-6474.json +++ b/2012/6xxx/CVE-2012-6474.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6474", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6474", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6475.json b/2012/6xxx/CVE-2012-6475.json index 704a8fb06d8..ca0f84f65fe 100644 --- a/2012/6xxx/CVE-2012-6475.json +++ b/2012/6xxx/CVE-2012-6475.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6475", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6475", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6476.json b/2012/6xxx/CVE-2012-6476.json index 70ee36f4df0..7dfc6971d8a 100644 --- a/2012/6xxx/CVE-2012-6476.json +++ b/2012/6xxx/CVE-2012-6476.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6476", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6476", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6477.json b/2012/6xxx/CVE-2012-6477.json index 06582111457..9bc2e3b23c1 100644 --- a/2012/6xxx/CVE-2012-6477.json +++ b/2012/6xxx/CVE-2012-6477.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6477", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6477", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6478.json b/2012/6xxx/CVE-2012-6478.json index 4fdcd3bbd14..ed970f7427b 100644 --- a/2012/6xxx/CVE-2012-6478.json +++ b/2012/6xxx/CVE-2012-6478.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6478", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6478", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6479.json b/2012/6xxx/CVE-2012-6479.json index 0afaece629c..0a3b3f2245b 100644 --- a/2012/6xxx/CVE-2012-6479.json +++ b/2012/6xxx/CVE-2012-6479.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6479", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6479", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6480.json b/2012/6xxx/CVE-2012-6480.json index 4df20e42755..c7fa5fc5584 100644 --- a/2012/6xxx/CVE-2012-6480.json +++ b/2012/6xxx/CVE-2012-6480.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6480", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6480", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6481.json b/2012/6xxx/CVE-2012-6481.json index ce85982ddcd..a805847cb52 100644 --- a/2012/6xxx/CVE-2012-6481.json +++ b/2012/6xxx/CVE-2012-6481.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6481", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6481", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6482.json b/2012/6xxx/CVE-2012-6482.json index d0f583b8136..9b075c61c4c 100644 --- a/2012/6xxx/CVE-2012-6482.json +++ b/2012/6xxx/CVE-2012-6482.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6482", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6483.json b/2012/6xxx/CVE-2012-6483.json index b88bc605163..40f1972e522 100644 --- a/2012/6xxx/CVE-2012-6483.json +++ b/2012/6xxx/CVE-2012-6483.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6483", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6483", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6484.json b/2012/6xxx/CVE-2012-6484.json index 5cb65f7c3cf..62840cc41a9 100644 --- a/2012/6xxx/CVE-2012-6484.json +++ b/2012/6xxx/CVE-2012-6484.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6484", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6484", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6485.json b/2012/6xxx/CVE-2012-6485.json index b119d90f28f..58e79505808 100644 --- a/2012/6xxx/CVE-2012-6485.json +++ b/2012/6xxx/CVE-2012-6485.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6485", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6485", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6486.json b/2012/6xxx/CVE-2012-6486.json index 4025fb79289..f1ae902ee46 100644 --- a/2012/6xxx/CVE-2012-6486.json +++ b/2012/6xxx/CVE-2012-6486.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6486", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6486", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6487.json b/2012/6xxx/CVE-2012-6487.json index 73cd069ae20..061ccecaa8e 100644 --- a/2012/6xxx/CVE-2012-6487.json +++ b/2012/6xxx/CVE-2012-6487.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6487", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6487", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6488.json b/2012/6xxx/CVE-2012-6488.json index 1f802303747..a9fe9f91b32 100644 --- a/2012/6xxx/CVE-2012-6488.json +++ b/2012/6xxx/CVE-2012-6488.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6488", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6488", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6489.json b/2012/6xxx/CVE-2012-6489.json index d7f8f20764d..b42520b43af 100644 --- a/2012/6xxx/CVE-2012-6489.json +++ b/2012/6xxx/CVE-2012-6489.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6489", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6489", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6490.json b/2012/6xxx/CVE-2012-6490.json index ac413dd7830..1e347b6dc17 100644 --- a/2012/6xxx/CVE-2012-6490.json +++ b/2012/6xxx/CVE-2012-6490.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6490", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6490", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6491.json b/2012/6xxx/CVE-2012-6491.json index 377d8de54d1..ddd7233057c 100644 --- a/2012/6xxx/CVE-2012-6491.json +++ b/2012/6xxx/CVE-2012-6491.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6491", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6491", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2012/6xxx/CVE-2012-6492.json b/2012/6xxx/CVE-2012-6492.json index 2022b81f6b3..18495d57301 100644 --- a/2012/6xxx/CVE-2012-6492.json +++ b/2012/6xxx/CVE-2012-6492.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-6492", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6492", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." } ] } diff --git a/2013/0xxx/CVE-2013-0802.json b/2013/0xxx/CVE-2013-0802.json index 0536da13102..e2d664c57ff 100644 --- a/2013/0xxx/CVE-2013-0802.json +++ b/2013/0xxx/CVE-2013-0802.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-0802", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0802", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." } ] } diff --git a/2013/1xxx/CVE-2013-1703.json b/2013/1xxx/CVE-2013-1703.json index 3f3014f0c0a..b26b44678d7 100644 --- a/2013/1xxx/CVE-2013-1703.json +++ b/2013/1xxx/CVE-2013-1703.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-1703", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1703", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." } ] } diff --git a/2017/5xxx/CVE-2017-5226.json b/2017/5xxx/CVE-2017-5226.json index cb5191cebc3..88e4de3c1eb 100644 --- a/2017/5xxx/CVE-2017-5226.json +++ b/2017/5xxx/CVE-2017-5226.json 
@@ -71,6 +71,11 @@ "name": "https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117", "refsource": "CONFIRM", "url": "https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] } diff --git a/2020/12xxx/CVE-2020-12497.json b/2020/12xxx/CVE-2020-12497.json index 46630b05e0a..00dbf46b5eb 100644 --- a/2020/12xxx/CVE-2020-12497.json +++ b/2020/12xxx/CVE-2020-12497.json @@ -94,6 +94,11 @@ "name": "https://cert.vde.com/de-de/advisories/vde-2020-023", "refsource": "CONFIRM", "url": "https://cert.vde.com/de-de/advisories/vde-2020-023" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/" } ] }, diff --git a/2020/12xxx/CVE-2020-12498.json b/2020/12xxx/CVE-2020-12498.json index a73b687c3a6..a1e835feab7 100644 --- a/2020/12xxx/CVE-2020-12498.json +++ b/2020/12xxx/CVE-2020-12498.json @@ -94,6 +94,11 @@ "name": "https://cert.vde.com/de-de/advisories/vde-2020-023", "refsource": "CONFIRM", "url": "https://cert.vde.com/de-de/advisories/vde-2020-023" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/" } ] }, diff --git a/2020/9xxx/CVE-2020-9802.json b/2020/9xxx/CVE-2020-9802.json index 9852047647c..aa673c19f5c 100644 --- a/2020/9xxx/CVE-2020-9802.json +++ b/2020/9xxx/CVE-2020-9802.json 
@@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT211177", "refsource": "MISC", "name": "https://support.apple.com/HT211177" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] }, diff --git a/2020/9xxx/CVE-2020-9803.json b/2020/9xxx/CVE-2020-9803.json index dd46cbc4191..db02d85c3b0 100644 --- a/2020/9xxx/CVE-2020-9803.json +++ b/2020/9xxx/CVE-2020-9803.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT211177", "refsource": "MISC", "name": "https://support.apple.com/HT211177" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] }, diff --git a/2020/9xxx/CVE-2020-9805.json b/2020/9xxx/CVE-2020-9805.json index c4c31897e25..83480acbcbf 100644 --- a/2020/9xxx/CVE-2020-9805.json +++ b/2020/9xxx/CVE-2020-9805.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT211177", "refsource": "MISC", "name": "https://support.apple.com/HT211177" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] }, diff --git a/2020/9xxx/CVE-2020-9806.json b/2020/9xxx/CVE-2020-9806.json index 9ca45a3712f..9515f123a0d 100644 --- a/2020/9xxx/CVE-2020-9806.json +++ b/2020/9xxx/CVE-2020-9806.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT211177", "refsource": "MISC", "name": "https://support.apple.com/HT211177" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] }, diff --git a/2020/9xxx/CVE-2020-9807.json b/2020/9xxx/CVE-2020-9807.json index d102bb60b61..eaaf27b2db8 100644 
--- a/2020/9xxx/CVE-2020-9807.json +++ b/2020/9xxx/CVE-2020-9807.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT211177", "refsource": "MISC", "name": "https://support.apple.com/HT211177" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] }, diff --git a/2020/9xxx/CVE-2020-9843.json b/2020/9xxx/CVE-2020-9843.json index 064266c3b54..caa46e12f50 100644 --- a/2020/9xxx/CVE-2020-9843.json +++ b/2020/9xxx/CVE-2020-9843.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT211177", "refsource": "MISC", "name": "https://support.apple.com/HT211177" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] }, diff --git a/2020/9xxx/CVE-2020-9850.json b/2020/9xxx/CVE-2020-9850.json index 9fdca8f9f49..cd27692b45d 100644 --- a/2020/9xxx/CVE-2020-9850.json +++ b/2020/9xxx/CVE-2020-9850.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT211177", "refsource": "MISC", "name": "https://support.apple.com/HT211177" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", + "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" } ] }, From 4002c77e067768e7b60ba1cf764fcfe8265f1651 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 10 Jul 2020 16:01:25 +0000 Subject: [PATCH 12/41] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10378.json | 2 +- 2020/13xxx/CVE-2020-13983.json | 4 +-- 2020/8xxx/CVE-2020-8181.json | 55 ++++++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8186.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8187.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8190.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8191.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8193.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8194.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8195.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8196.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8197.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8198.json | 50 +++++++++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8199.json | 50 +++++++++++++++++++++++++++++-- 14 files changed, 572 insertions(+), 39 deletions(-) diff --git a/2020/10xxx/CVE-2020-10378.json b/2020/10xxx/CVE-2020-10378.json index 37f0ef69be3..f160c9b6eb1 100644 --- a/2020/10xxx/CVE-2020-10378.json +++ b/2020/10xxx/CVE-2020-10378.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In libImaging/PcxDecode.c in Pillow before before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer." + "value": "In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer." } ] }, diff --git a/2020/13xxx/CVE-2020-13983.json b/2020/13xxx/CVE-2020-13983.json index 0bb2d089651..f3690d44f79 100644 --- a/2020/13xxx/CVE-2020-13983.json +++ b/2020/13xxx/CVE-2020-13983.json 
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2020-13983",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-14159. Reason: This candidate is a reservation duplicate of CVE-2020-14159. Notes: All CVE users should reference CVE-2020-14159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8181.json b/2020/8xxx/CVE-2020-8181.json
index 5f608c8092b..9b68ed8e934 100644
--- a/2020/8xxx/CVE-2020-8181.json
+++ b/2020/8xxx/CVE-2020-8181.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8181",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Contact",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Business Logic Errors (CWE-840)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/808287,",
+ "url": "https://hackerone.com/reports/808287,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-024",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-024"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8186.json b/2020/8xxx/CVE-2020-8186.json
index e91ef2eb3a0..2cc45c80d86 100644
--- a/2020/8xxx/CVE-2020-8186.json
+++ b/2020/8xxx/CVE-2020-8186.json
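Review bot: Both `name` and `url` of the first reference added to CVE-2020-8181.json end in a stray comma (`https://hackerone.com/reports/808287,`), so the recorded link does not point at the report; it should read `"url": "https://hackerone.com/reports/808287"`, and likewise for `name`. The record also contradicts itself: `product_name` is "Nextcloud Contact" with `version_value` "3.3.0", while the description says "Nextcloud Contacts 3.2.0". Presumably 3.3.0 is the fixed release and 3.2.0 an affected one, but that needs confirming against NC-SA-2020-024, because a scanner matching on `affects` would flag the wrong version. The problem type "Business Logic Errors (CWE-840)" is also a loose fit for a missing file type check on upload; CWE-434 looks closer.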
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8186",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "devcert",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed Version: 1.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection - Generic (CWE-77)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/863544",
+ "url": "https://hackerone.com/reports/863544"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8187.json b/2020/8xxx/CVE-2020-8187.json
index ed1e11caadf..cf3fec3e56d 100644
--- a/2020/8xxx/CVE-2020-8187.json
+++ b/2020/8xxx/CVE-2020-8187.json
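Review bot: `version_value` in CVE-2020-8186.json holds the label text "Fixed Version: 1.1.1" instead of an affected version, and the description names no affected range at all. A consumer comparing installed `devcert` versions against `affects` therefore cannot tell which releases are vulnerable; presumably everything before 1.1.1, but the record never says so. I would express the range in the data as `"version_affected": "<", "version_value": "1.1.1"` and add "before 1.1.1" to the description, after confirming the range with the HackerOne report.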
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8187",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citrix ADC, Citrix Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.1-63.9, 12.0-62.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation (CWE-20)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.citrix.com/article/CTX276688",
+ "url": "https://support.citrix.com/article/CTX276688"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8190.json b/2020/8xxx/CVE-2020-8190.json
index 3c1402f7695..234535f2fc2 100644
--- a/2020/8xxx/CVE-2020-8190.json
+++ b/2020/8xxx/CVE-2020-8190.json
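Review bot: The `affects` block added to CVE-2020-8187.json lists the fixed builds as though they were affected: `version_value` is "11.1-63.9, 12.0-62.10", while the description says the issue is in versions before those builds. Two versions are packed into one string, two products into one `product_name` ("Citrix ADC, Citrix Gateway"), and `vendor_name` is "n/a", so automated matching by vendor, product or version will not find this record. The same pattern repeats in the CVE-2020-8190 through CVE-2020-8197 hunks of this patch. One `product_data` entry per product and one `version_data` entry per branch, with `"vendor_name": "Citrix"`, would make the data usable. Until then consumers have to rely on the description text and CTX276688.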
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ADC, Citrix Gateway", + "version": { + "version_data": [ + { + "version_value": "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX276688", + "url": "https://support.citrix.com/article/CTX276688" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation." } ] } diff --git a/2020/8xxx/CVE-2020-8191.json b/2020/8xxx/CVE-2020-8191.json index bf9caff849f..7d69645b00b 100644 --- a/2020/8xxx/CVE-2020-8191.json +++ b/2020/8xxx/CVE-2020-8191.json 
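Review bot: `problemtype` in CVE-2020-8190.json is "Privilege Escalation (CAPEC-233)", an attack-pattern identifier rather than a weakness identifier, whereas the other records added in this patch carry a CWE. Tooling that extracts a CWE from `problemtype` for triage or metrics gets nothing for this entry. Given the description ("Incorrect file permissions"), `"value": "Incorrect Permission Assignment for Critical Resource (CWE-732)"` looks like the closer classification, though the assigner should confirm. CVE-2020-8197 later in this patch uses the same CAPEC label.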
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", + "version": { + "version_data": [ + { + "version_value": "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX276688", + "url": "https://support.citrix.com/article/CTX276688" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS)." } ] } diff --git a/2020/8xxx/CVE-2020-8193.json b/2020/8xxx/CVE-2020-8193.json index 94afb1c2cc6..cb49f020b78 100644 --- a/2020/8xxx/CVE-2020-8193.json +++ b/2020/8xxx/CVE-2020-8193.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8193", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", + "version": { + "version_data": [ + { + "version_value": "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX276688", + "url": "https://support.citrix.com/article/CTX276688" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints." } ] } diff --git a/2020/8xxx/CVE-2020-8194.json b/2020/8xxx/CVE-2020-8194.json index a543528b619..16df197ba82 100644 --- a/2020/8xxx/CVE-2020-8194.json +++ b/2020/8xxx/CVE-2020-8194.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", + "version": { + "version_data": [ + { + "version_value": "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection (CWE-94)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX276688", + "url": "https://support.citrix.com/article/CTX276688" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download." } ] } diff --git a/2020/8xxx/CVE-2020-8195.json b/2020/8xxx/CVE-2020-8195.json index 92a0355fc43..c5863840425 100644 --- a/2020/8xxx/CVE-2020-8195.json +++ b/2020/8xxx/CVE-2020-8195.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8195", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", + "version": { + "version_data": [ + { + "version_value": "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX276688", + "url": "https://support.citrix.com/article/CTX276688" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users." } ] } diff --git a/2020/8xxx/CVE-2020-8196.json b/2020/8xxx/CVE-2020-8196.json index bc835c243a5..373887079bf 100644 --- a/2020/8xxx/CVE-2020-8196.json +++ b/2020/8xxx/CVE-2020-8196.json 
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8196",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control - Generic (CWE-284)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.citrix.com/article/CTX276688",
+ "url": "https://support.citrix.com/article/CTX276688"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8197.json b/2020/8xxx/CVE-2020-8197.json
index 9bbfcd7024b..186ec1a761e 100644
--- a/2020/8xxx/CVE-2020-8197.json
+++ b/2020/8xxx/CVE-2020-8197.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8197",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citrix ADC, Citrix Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.citrix.com/article/CTX276688",
+ "url": "https://support.citrix.com/article/CTX276688"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8198.json b/2020/8xxx/CVE-2020-8198.json
index 2f4c4105bcf..653ca0243ba 100644
--- a/2020/8xxx/CVE-2020-8198.json
+++ b/2020/8xxx/CVE-2020-8198.json
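Review bot: The `problemtype` value in the CVE-2020-8197 record, `Privilege Escalation (CAPEC-233)`, is an attack-pattern id rather than a weakness id, so consumers that extract a CWE from this field get nothing to triage or filter on. The sibling records in this patch all carry a CWE, which makes this one inconsistent with them. If the advisory supports it, a weakness entry such as `"value": "Improper Privilege Management (CWE-269)"` would fit the described outcome; the exact CWE should be confirmed with the CNA. The CVE-2020-8199 hunk uses the same CAPEC value.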
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8198",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.citrix.com/article/CTX276688",
+ "url": "https://support.citrix.com/article/CTX276688"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS)."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8199.json b/2020/8xxx/CVE-2020-8199.json
index fd84bfd5557..1eb3474221d 100644
--- a/2020/8xxx/CVE-2020-8199.json
+++ b/2020/8xxx/CVE-2020-8199.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8199",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citrix Gateway Plug-in for Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.0.137"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.citrix.com/article/CTX276688",
+ "url": "https://support.citrix.com/article/CTX276688"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root."
 }
 ]
 }
From 84c2d28bd97681c9f2e71131bc606482e4c3480a Mon Sep 17 00:00:00 2001
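Review bot: The CVE-2020-8199 record names the affected component two different ways: `product_name` says `Citrix Gateway Plug-in for Linux` while the new description says "Citrix ADC Gateway Linux client". An inventory search on either string will miss the other, which matters for a local privilege escalation to root on client machines. I would use one name in both places, e.g. `"value": "Improper access control in Citrix Gateway Plug-in for Linux versions before 1.0.0.137 results in local privilege escalation to root."`, taking whichever name the vendor advisory uses.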
From: CVE Team Date: Fri, 10 Jul 2020 17:01:22 +0000 Subject: [PATCH 13/41] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11543.json | 7 ++++- 2020/15xxx/CVE-2020-15504.json | 56 ++++++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15646.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15647.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15648.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15649.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15650.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15651.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15652.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15653.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15654.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15655.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15656.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15657.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15658.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15659.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15660.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15661.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15662.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15663.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15664.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15665.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15666.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15667.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15668.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15669.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15670.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15671.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15672.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15673.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15674.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15675.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15676.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15677.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15678.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15679.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15680.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15681.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15682.json | 18 +++++++++++ 
2020/15xxx/CVE-2020-15683.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15684.json | 18 +++++++++++ 2020/15xxx/CVE-2020-15685.json | 18 +++++++++++ 42 files changed, 776 insertions(+), 7 deletions(-) create mode 100644 2020/15xxx/CVE-2020-15646.json create mode 100644 2020/15xxx/CVE-2020-15647.json create mode 100644 2020/15xxx/CVE-2020-15648.json create mode 100644 2020/15xxx/CVE-2020-15649.json create mode 100644 2020/15xxx/CVE-2020-15650.json create mode 100644 2020/15xxx/CVE-2020-15651.json create mode 100644 2020/15xxx/CVE-2020-15652.json create mode 100644 2020/15xxx/CVE-2020-15653.json create mode 100644 2020/15xxx/CVE-2020-15654.json create mode 100644 2020/15xxx/CVE-2020-15655.json create mode 100644 2020/15xxx/CVE-2020-15656.json create mode 100644 2020/15xxx/CVE-2020-15657.json create mode 100644 2020/15xxx/CVE-2020-15658.json create mode 100644 2020/15xxx/CVE-2020-15659.json create mode 100644 2020/15xxx/CVE-2020-15660.json create mode 100644 2020/15xxx/CVE-2020-15661.json create mode 100644 2020/15xxx/CVE-2020-15662.json create mode 100644 2020/15xxx/CVE-2020-15663.json create mode 100644 2020/15xxx/CVE-2020-15664.json create mode 100644 2020/15xxx/CVE-2020-15665.json create mode 100644 2020/15xxx/CVE-2020-15666.json create mode 100644 2020/15xxx/CVE-2020-15667.json create mode 100644 2020/15xxx/CVE-2020-15668.json create mode 100644 2020/15xxx/CVE-2020-15669.json create mode 100644 2020/15xxx/CVE-2020-15670.json create mode 100644 2020/15xxx/CVE-2020-15671.json create mode 100644 2020/15xxx/CVE-2020-15672.json create mode 100644 2020/15xxx/CVE-2020-15673.json create mode 100644 2020/15xxx/CVE-2020-15674.json create mode 100644 2020/15xxx/CVE-2020-15675.json create mode 100644 2020/15xxx/CVE-2020-15676.json create mode 100644 2020/15xxx/CVE-2020-15677.json create mode 100644 2020/15xxx/CVE-2020-15678.json create mode 100644 2020/15xxx/CVE-2020-15679.json create mode 100644 2020/15xxx/CVE-2020-15680.json create mode 100644 2020/15xxx/CVE-2020-15681.json 
create mode 100644 2020/15xxx/CVE-2020-15682.json create mode 100644 2020/15xxx/CVE-2020-15683.json create mode 100644 2020/15xxx/CVE-2020-15684.json create mode 100644 2020/15xxx/CVE-2020-15685.json
diff --git a/2020/11xxx/CVE-2020-11543.json b/2020/11xxx/CVE-2020-11543.json
index 27d2d5722c9..a4c5e65dccb 100644
--- a/2020/11xxx/CVE-2020-11543.json
+++ b/2020/11xxx/CVE-2020-11543.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server."
+ "value": "OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/",
 "url": "https://docs.opsramp.com/opsramp-5-5-0-updates-release-notes/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.opsramp.com/about/release-notes/summer-2020-update/#simplified-gateway-appliance-accounts",
+ "url": "https://docs.opsramp.com/about/release-notes/summer-2020-update/#simplified-gateway-appliance-accounts"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15504.json b/2020/15xxx/CVE-2020-15504.json
index f8180a12d57..b4c5610878a 100644
--- a/2020/15xxx/CVE-2020-15504.json
+++ b/2020/15xxx/CVE-2020-15504.json
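Review bot: The CVE-2020-11543 description now puts the fix at 7.0.0, but the second hunk keeps the 5.5.0 release-notes link tagged `CONFIRM` next to the new one, so a reader following it may conclude that 5.5.0 already removed the account. I would either drop that reference or retag it `"refsource": "MISC"` so that only the 7.0.0 notes read as the vendor confirmation. The `affects` block is outside both hunks, so it is worth checking that its `version_value` was moved to 7.0.0 as well. The added sentence also reads better as `an administrator account and a system user account are the only available user accounts`.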
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15504",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15504",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504",
+ "url": "https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-via-sqli-cve-2020-15504"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15646.json b/2020/15xxx/CVE-2020-15646.json
new file mode 100644
index 00000000000..c29c88273dd
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15646.json
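Review bot: The published CVE-2020-15504 record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value all as `n/a`, although the description names Sophos XG Firewall v18.0 MR1 and older and a SQL injection leading to remote code execution. Scanners and feeds that key on the structured fields will not associate this record with the product or weakness class, so exposure has to be found by free-text search. I would fill them from the description, e.g. `"vendor_name": "Sophos"`, `"product_name": "XG Firewall"` and `"value": "SQL Injection (CWE-89)"`. The reordering of `data_type`, `data_format` and `data_version` changes no content and only adds noise to the diff.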
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15647.json b/2020/15xxx/CVE-2020-15647.json new file mode 100644 index 00000000000..b95afd24f44 --- /dev/null +++ b/2020/15xxx/CVE-2020-15647.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15647", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15648.json b/2020/15xxx/CVE-2020-15648.json new file mode 100644 index 00000000000..8d59a8c746c --- /dev/null +++ b/2020/15xxx/CVE-2020-15648.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15648", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15649.json b/2020/15xxx/CVE-2020-15649.json new file mode 100644 index 00000000000..2b0e87f3d9a --- /dev/null +++ b/2020/15xxx/CVE-2020-15649.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15649", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15650.json b/2020/15xxx/CVE-2020-15650.json new file mode 100644 index 00000000000..eca3936c3d2 --- /dev/null +++ b/2020/15xxx/CVE-2020-15650.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15650", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15651.json b/2020/15xxx/CVE-2020-15651.json new file mode 100644 index 00000000000..931d86b1f73 --- /dev/null +++ b/2020/15xxx/CVE-2020-15651.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15651", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15652.json b/2020/15xxx/CVE-2020-15652.json new file mode 100644 index 00000000000..dcb40ca06d6 --- /dev/null +++ b/2020/15xxx/CVE-2020-15652.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15652", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15653.json b/2020/15xxx/CVE-2020-15653.json new file mode 100644 index 00000000000..b70e922ae96 --- /dev/null +++ b/2020/15xxx/CVE-2020-15653.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15653", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15654.json b/2020/15xxx/CVE-2020-15654.json new file mode 100644 index 00000000000..38079a9f7cb --- /dev/null +++ b/2020/15xxx/CVE-2020-15654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15655.json b/2020/15xxx/CVE-2020-15655.json new file mode 100644 index 00000000000..85cceaecc79 --- /dev/null +++ b/2020/15xxx/CVE-2020-15655.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15656.json b/2020/15xxx/CVE-2020-15656.json new file mode 100644 index 00000000000..6e33d4eb064 --- /dev/null +++ b/2020/15xxx/CVE-2020-15656.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15657.json b/2020/15xxx/CVE-2020-15657.json new file mode 100644 index 00000000000..f15550903ae --- /dev/null +++ b/2020/15xxx/CVE-2020-15657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15658.json b/2020/15xxx/CVE-2020-15658.json new file mode 100644 index 00000000000..26fc0d04498 --- /dev/null +++ b/2020/15xxx/CVE-2020-15658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15659.json b/2020/15xxx/CVE-2020-15659.json new file mode 100644 index 00000000000..9a0092a0a01 --- /dev/null +++ b/2020/15xxx/CVE-2020-15659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15660.json b/2020/15xxx/CVE-2020-15660.json new file mode 100644 index 00000000000..a17be17f349 --- /dev/null +++ b/2020/15xxx/CVE-2020-15660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15661.json b/2020/15xxx/CVE-2020-15661.json new file mode 100644 index 00000000000..12caefdbc81 --- /dev/null +++ b/2020/15xxx/CVE-2020-15661.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15661", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15662.json b/2020/15xxx/CVE-2020-15662.json new file mode 100644 index 00000000000..548e8f0a644 --- /dev/null +++ b/2020/15xxx/CVE-2020-15662.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15662", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15663.json b/2020/15xxx/CVE-2020-15663.json new file mode 100644 index 00000000000..d5430970df7 --- /dev/null +++ b/2020/15xxx/CVE-2020-15663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15664.json b/2020/15xxx/CVE-2020-15664.json new file mode 100644 index 00000000000..7a9d6f1451d --- /dev/null +++ b/2020/15xxx/CVE-2020-15664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15665.json b/2020/15xxx/CVE-2020-15665.json new file mode 100644 index 00000000000..452bd66a241 --- /dev/null +++ b/2020/15xxx/CVE-2020-15665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15666.json b/2020/15xxx/CVE-2020-15666.json new file mode 100644 index 00000000000..57baf0fedc5 --- /dev/null +++ b/2020/15xxx/CVE-2020-15666.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15666", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15667.json b/2020/15xxx/CVE-2020-15667.json new file mode 100644 index 00000000000..d6a61ef6fc5 --- /dev/null +++ b/2020/15xxx/CVE-2020-15667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15668.json b/2020/15xxx/CVE-2020-15668.json new file mode 100644 index 00000000000..b922c9d6386 --- /dev/null +++ b/2020/15xxx/CVE-2020-15668.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15668", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15669.json b/2020/15xxx/CVE-2020-15669.json new file mode 100644 index 00000000000..da5e9723bb7 --- /dev/null +++ b/2020/15xxx/CVE-2020-15669.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15670.json b/2020/15xxx/CVE-2020-15670.json new file mode 100644 index 00000000000..12db35a2ff0 --- /dev/null +++ b/2020/15xxx/CVE-2020-15670.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15670", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15671.json b/2020/15xxx/CVE-2020-15671.json new file mode 100644 index 00000000000..3b3bd5fbf2a --- /dev/null +++ b/2020/15xxx/CVE-2020-15671.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15671", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15672.json b/2020/15xxx/CVE-2020-15672.json new file mode 100644 index 00000000000..a113db7ddc1 --- /dev/null +++ b/2020/15xxx/CVE-2020-15672.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15672", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15673.json b/2020/15xxx/CVE-2020-15673.json new file mode 100644 index 00000000000..c6d261211a9 --- /dev/null +++ b/2020/15xxx/CVE-2020-15673.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15673", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15674.json b/2020/15xxx/CVE-2020-15674.json new file mode 100644 index 00000000000..8fab70a59a0 --- /dev/null +++ b/2020/15xxx/CVE-2020-15674.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15675.json b/2020/15xxx/CVE-2020-15675.json new file mode 100644 index 00000000000..705af384889 --- /dev/null +++ b/2020/15xxx/CVE-2020-15675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15676.json b/2020/15xxx/CVE-2020-15676.json new file mode 100644 index 00000000000..c6fb2de5de1 --- /dev/null +++ b/2020/15xxx/CVE-2020-15676.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15677.json b/2020/15xxx/CVE-2020-15677.json new file mode 100644 index 00000000000..11a3d23a5c0 --- /dev/null +++ b/2020/15xxx/CVE-2020-15677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15678.json b/2020/15xxx/CVE-2020-15678.json new file mode 100644 index 00000000000..6bb0163c43e --- /dev/null +++ b/2020/15xxx/CVE-2020-15678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15679.json b/2020/15xxx/CVE-2020-15679.json new file mode 100644 index 00000000000..ccdffd99e59 --- /dev/null +++ b/2020/15xxx/CVE-2020-15679.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15679", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15680.json b/2020/15xxx/CVE-2020-15680.json new file mode 100644 index 00000000000..d74143fd1a5 --- /dev/null +++ b/2020/15xxx/CVE-2020-15680.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15680", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15681.json b/2020/15xxx/CVE-2020-15681.json new file mode 100644 index 00000000000..10942294d12 --- /dev/null +++ b/2020/15xxx/CVE-2020-15681.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15681", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15682.json b/2020/15xxx/CVE-2020-15682.json new file mode 100644 index 00000000000..b7aa8604f3d --- /dev/null +++ b/2020/15xxx/CVE-2020-15682.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15682", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15683.json b/2020/15xxx/CVE-2020-15683.json new file mode 100644 index 00000000000..0dae4c34e97 --- /dev/null +++ b/2020/15xxx/CVE-2020-15683.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15683", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15684.json b/2020/15xxx/CVE-2020-15684.json new file mode 100644 index 00000000000..9fb1ad662b1 --- /dev/null +++ b/2020/15xxx/CVE-2020-15684.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15684", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15685.json b/2020/15xxx/CVE-2020-15685.json new file mode 100644 index 00000000000..d3b37519c37 --- /dev/null +++ b/2020/15xxx/CVE-2020-15685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From d60e20fdc59f2a5d9120130b7eb059c5bb0d57a5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 18:01:24 +0000 Subject: [PATCH 14/41] "-Synchronized-Data." --- 2020/15xxx/CVE-2020-15686.json | 18 ++++++++++++ 2020/6xxx/CVE-2020-6114.json | 50 ++++++++++++++++++++++++++++++++-- 2 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 2020/15xxx/CVE-2020-15686.json diff --git a/2020/15xxx/CVE-2020-15686.json b/2020/15xxx/CVE-2020-15686.json new file mode 100644 index 00000000000..b0b3487cd44 --- /dev/null 
+++ b/2020/15xxx/CVE-2020-15686.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-15686", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6114.json b/2020/6xxx/CVE-2020-6114.json index 129efa25228..bc1a4fe13b3 100644 --- a/2020/6xxx/CVE-2020-6114.json +++ b/2020/6xxx/CVE-2020-6114.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Glacies IceHRM\"", + "version": { + "version_data": [ + { + "version_value": "Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1067", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1067" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability." } ] } From 1a4de95b3a4b37e212c0dc6c8c78d55bb97ae6c7 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 10 Jul 2020 12:41:41 -0600 Subject: [PATCH 15/41] add CVE-2020-11081 for GHSA-2xwp-8fv7-c5pm --- 2020/11xxx/CVE-2020-11081.json | 97 +++++++++++++++++++++++++++++++--- 1 file changed, 91 insertions(+), 6 deletions(-) diff --git a/2020/11xxx/CVE-2020-11081.json b/2020/11xxx/CVE-2020-11081.json index 6ad52dcfa86..69007843671 100644 --- a/2020/11xxx/CVE-2020-11081.json 
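Review bot: The added `product_name` value is `Glacies IceHRM\"`, which decodes to a name ending in a literal double quote. This looks like a quoting leftover, and it will defeat exact-match lookups when the record is joined against a product inventory. I would change the line to `"product_name": "Glacies IceHRM",`. The same entry sets `vendor_name` to `n/a` and repeats the product name inside `version_value`, so a consumer cannot key on the vendor or on a bare version string; if that is not intentional, the version line could carry only the release and commit. The top-level object this hunk edits starts and ends outside the hunk.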
+++ b/2020/11xxx/CVE-2020-11081.json 
@@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11081", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "osquery susceptible to DLL search order hijacking of zlib1.dll" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "osquery", + "version": { + "version_data": [ + { + "version_value": "< 4.4.0" + } + ] + } + } + ] + }, + "vendor_name": "osquery" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. \n\nThis is fixed in version 4.4.0." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-114: Process Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm", + "refsource": "CONFIRM", + "url": "https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm" + }, + { + "name": "https://github.com/osquery/osquery/issues/6426", + "refsource": "MISC", + "url": "https://github.com/osquery/osquery/issues/6426" + }, + { + "name": "https://github.com/osquery/osquery/pull/6433", + "refsource": "MISC", + "url": "https://github.com/osquery/osquery/pull/6433" + }, + { + "name": "https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5", + "refsource": "MISC", + "url": "https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5" + }, + { + "name": "https://github.com/osquery/osquery/releases/tag/4.4.0", + "refsource": "MISC", + "url": "https://github.com/osquery/osquery/releases/tag/4.4.0" + } + ] + }, + "source": { + "advisory": "GHSA-2xwp-8fv7-c5pm", + "discovery": "UNKNOWN" } } \ No newline at end of file From 3deeabd018813c4fde76260fe5fefc018868b1b5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 19:01:32 +0000 Subject: [PATCH 16/41] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11081.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2020/11xxx/CVE-2020-11081.json b/2020/11xxx/CVE-2020-11081.json index 69007843671..a930b457401 100644 
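Review bot: The new `description` value misspells "privilege" as `priviledge` and writes `a Window system` where "a Windows system" is presumably meant. Keyword searches and text-matching triage rules for "privilege escalation" will therefore miss this record. The sentence would read better as `osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory ...`. Separately, `problemtype` lists `CWE-114: Process Control` while the `TITLE` describes DLL search order hijacking. CWE-427 (Uncontrolled Search Path Element) looks like the closer match, although the assigner may have chosen CWE-114 deliberately.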
--- a/2020/11xxx/CVE-2020-11081.json +++ b/2020/11xxx/CVE-2020-11081.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. \n\nThis is fixed in version 4.4.0." + "value": "osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0." } ] }, From 30d2c4bd2cb962229028cc563a8acfba72185170 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 10 Jul 2020 13:20:49 -0600 Subject: [PATCH 17/41] add CVE-2020-11061 for GHSA-mm45-cg35-54j4 --- 2020/11xxx/CVE-2020-11061.json | 91 +++++++++++++++++++++++++++++++--- 1 file changed, 85 insertions(+), 6 deletions(-) diff --git a/2020/11xxx/CVE-2020-11061.json b/2020/11xxx/CVE-2020-11061.json index c3e703a9186..57a61af52b6 100644 --- a/2020/11xxx/CVE-2020-11061.json +++ b/2020/11xxx/CVE-2020-11061.json 
@@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Heap-based Buffer Overflow in Bareos Director" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bareos Director", + "version": { + "version_data": [ + { + "version_value": "<= 16.2.10" + }, + { + "version_value": "<= 17.2.9" + }, + { + "version_value": "<= 18.2.8" + }, + { + "version_value": "<= 19.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Bareos GmbH & Co. KG" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job.\n\nDisabling verify jobs mitigates the problem.\n\nThis issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4", + "refsource": "CONFIRM", + "url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4" + }, + { + "name": "https://bugs.bareos.org/view.php?id=1210", + "refsource": "MISC", + "url": "https://bugs.bareos.org/view.php?id=1210" + } + ] + }, + "source": { + "advisory": "GHSA-mm45-cg35-54j4", + "discovery": "UNKNOWN" } } \ No newline at end of file From 42f229e9d3e9785159c60127945854ba0c10ec96 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 10 Jul 2020 13:25:55 -0600 Subject: [PATCH 18/41] add CVE-2020-4042 for GHSA-vqpj-2vhj-h752 --- 2020/4xxx/CVE-2020-4042.json | 82 +++++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/2020/4xxx/CVE-2020-4042.json b/2020/4xxx/CVE-2020-4042.json index d16ef27525c..90333f25e53 100644 --- a/2020/4xxx/CVE-2020-4042.json +++ b/2020/4xxx/CVE-2020-4042.json 
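Review bot: The four `version_value` entries under `Bareos Director` are open-ended upper bounds (`<= 16.2.10`, `<= 17.2.9`, `<= 18.2.8`, `<= 19.2.7`). Read literally, `<= 19.2.7` also covers 17.2.10 and 18.2.9, which the description names as patched. A scanner that evaluates these ranges would keep flagging hosts that are already on a fixed release. Each entry should be bounded to its own release line, for example a range of the form `>= <first 18.2 release>, <= 18.2.8` (placeholder, the lower bounds are not given in this record). The description also names no fixed release for the 16.2 line, which is worth stating explicitly so operators on that branch know that disabling verify jobs is their only listed mitigation.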
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-4042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Authentication bypass in Bareos" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bareos", + "version": { + "version_data": [ + { + "version_value": "< 19.2.8" + } + ] + } + } + ] + }, + "vendor_name": "bareos" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself.\n\nThe malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge.\n\nThis is fixed in version 19.2.8." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-294: Authentication Bypass by Capture-replay" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752", + "refsource": "CONFIRM", + "url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752" + }, + { + "name": "https://bugs.bareos.org/view.php?id=1250", + "refsource": "MISC", + "url": "https://bugs.bareos.org/view.php?id=1250" + } + ] + }, + "source": { + "advisory": "GHSA-vqpj-2vhj-h752", + "discovery": "UNKNOWN" } } \ No newline at end of file From 19a948c1130e4b027d8c9ef2c4b3ab4595c08201 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 20:01:35 +0000 Subject: [PATCH 19/41] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11061.json | 2 +- 2020/4xxx/CVE-2020-4042.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/11xxx/CVE-2020-11061.json b/2020/11xxx/CVE-2020-11061.json index 57a61af52b6..8e91832d450 100644 --- a/2020/11xxx/CVE-2020-11061.json +++ b/2020/11xxx/CVE-2020-11061.json 
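Review bot: The `description` opens with `Bareos before version 19.2.8 and earlier`, which is self-contradictory and leaves it unclear whether 19.2.8 itself is affected. The `version_value` of `< 19.2.8` and the closing sentence both say 19.2.8 carries the fix, so the opening should read `Bareos before version 19.2.8 allows a malicious client ...`. In the same value, `the directors original challenge` needs the possessive, `the director's original challenge`. The record also gives only `< 19.2.8` as the affected range, so it does not say whether older release branches receive a fix; if they do, listing those releases would help operators who cannot move to 19.2.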
@@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job.\n\nDisabling verify jobs mitigates the problem.\n\nThis issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10." + "value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10." } ] }, diff --git a/2020/4xxx/CVE-2020-4042.json b/2020/4xxx/CVE-2020-4042.json index 90333f25e53..b50e8eb68e3 100644 --- a/2020/4xxx/CVE-2020-4042.json +++ b/2020/4xxx/CVE-2020-4042.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself.\n\nThe malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge.\n\nThis is fixed in version 19.2.8." + "value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8." } ] }, From 4c7a4b7f2e491c1eace46dafc893d1931768e1fd Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 10 Jul 2020 14:54:07 -0600 Subject: [PATCH 20/41] add CVE-2020-15105 for GHSA-vhr6-pvjm-9qwf --- 2020/15xxx/CVE-2020-15105.json | 87 +++++++++++++++++++++++++++++++--- 1 file changed, 81 insertions(+), 6 deletions(-) diff --git a/2020/15xxx/CVE-2020-15105.json b/2020/15xxx/CVE-2020-15105.json index 7fb739bc2a9..a0b06ffbd3a 100644 --- a/2020/15xxx/CVE-2020-15105.json +++ b/2020/15xxx/CVE-2020-15105.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "In Django Two-Factor Authentication, user passwords are stored in clear text in the Django session" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "django-two-factor-auth", + "version": { + "version_data": [ + { + "version_value": "< 1.12" + } + ] + } + } + ] + }, + "vendor_name": "Bouke" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code.\n\nThe severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. 
In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis).\n\nThis has been fixed in 1.12.\n\nAfter upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas.\n\nIn addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used.\n\nAs a workaround, wwitching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312: Cleartext Storage of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf", + "refsource": "CONFIRM", + "url": "https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf" + }, + { + "name": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359", + "refsource": "MISC", + "url": "https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359" + }, + { + "name": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08", + "refsource": "MISC", + "url": "https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08" + } + ] + }, + "source": { + "advisory": "GHSA-vhr6-pvjm-9qwf", + "discovery": "UNKNOWN" } } \ No newline at end of file From e0bb5af1288c8765b9298cbbaef35ed0b56eedbb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 21:01:35 +0000 Subject: [PATCH 21/41] "-Synchronized-Data." --- 2020/15xxx/CVE-2020-15105.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2020/15xxx/CVE-2020-15105.json b/2020/15xxx/CVE-2020-15105.json index a0b06ffbd3a..d2013900eb5 100644 --- a/2020/15xxx/CVE-2020-15105.json +++ b/2020/15xxx/CVE-2020-15105.json 
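Review bot: The workaround sentence in the new `description` value contains the typo `wwitching`; it should read `As a workaround, switching Django's session storage to use signed cookies ...`. The opening clause `before 1.12, stores the user's password` also has a stray comma that splits subject from verb. Both are worth fixing here because this text is copied verbatim into downstream advisories and scanner output. The description mixes the vulnerability statement with post-upgrade cleanup guidance (purging stored sessions, backups and replicas); that guidance is useful, but the sentence saying the issue is fixed in 1.12 would be easier to find if it came right after the first sentence.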
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code.\n\nThe severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis).\n\nThis has been fixed in 1.12.\n\nAfter upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas.\n\nIn addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. 
All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used.\n\nAs a workaround, wwitching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading." + "value": "Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password and then leaves before entering their two-factor authentication code. The severity of this issue depends on which type of session storage you have configured: in the worst case, if you're using Django's default database session storage, then users' passwords are stored in clear text in your database. In the best case, if you're using Django's signed cookie session, then users' passwords are only stored in clear text within their browser's cookie store. In the common case of using Django's cache session store, the users' passwords are stored in clear text in whatever cache storage you have configured (typically Memcached or Redis). This has been fixed in 1.12. After upgrading, users should be sure to delete any clear text passwords that have been stored. For example, if you're using the database session backend, you'll likely want to delete any session record from the database and purge that data from any database backups or replicas. 
In addition, affected organizations who have suffered a database breach while using an affected version should inform their users that their clear text passwords have been compromised. All organizations should encourage users whose passwords were insecurely stored to change these passwords on any sites where they were used. As a workaround, wwitching Django's session storage to use signed cookies instead of the database or cache lessens the impact of this issue, but should not be done without a thorough understanding of the security tradeoffs of using signed cookies rather than a server-side session storage. There is no way to fully mitigate the issue without upgrading." } ] }, From 6b2061eb690d4955fb0ad2534a91105c3a759c5b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Jul 2020 22:01:27 +0000 Subject: [PATCH 22/41] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12973.json | 5 +++++ 2020/12xxx/CVE-2020-12108.json | 5 +++++ 2020/15xxx/CVE-2020-15011.json | 5 +++++ 2020/15xxx/CVE-2020-15389.json | 5 +++++ 2020/6xxx/CVE-2020-6851.json | 5 +++++ 2020/8xxx/CVE-2020-8112.json | 5 +++++ 2020/8xxx/CVE-2020-8161.json | 5 +++++ 2020/8xxx/CVE-2020-8184.json | 5 +++++ 8 files changed, 40 insertions(+) diff --git a/2019/12xxx/CVE-2019-12973.json b/2019/12xxx/CVE-2019-12973.json index 6719b8aef54..d14db8d5291 100644 --- a/2019/12xxx/CVE-2019-12973.json +++ b/2019/12xxx/CVE-2019-12973.json @@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2223", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html" } ] } diff --git a/2020/12xxx/CVE-2020-12108.json b/2020/12xxx/CVE-2020-12108.json index 9ac80f7cda4..e949c385bdb 100644 --- a/2020/12xxx/CVE-2020-12108.json +++ b/2020/12xxx/CVE-2020-12108.json 
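Review bot: The rewritten `value` for CVE-2020-15105 still carries the typo `wwitching` in the workaround sentence ("As a workaround, wwitching Django's session storage ..."), which should read `switching`. The line is being rewritten anyway, and that sentence is the workaround guidance for operators who cannot move to 1.12 straight away, so it is worth correcting in the same change. The hunk covers only the description entry; the rest of the record lies outside it.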
@@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0764", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" } ] } diff --git a/2020/15xxx/CVE-2020-15011.json b/2020/15xxx/CVE-2020-15011.json index e728bba0f5d..fe8df2b56c6 100644 --- a/2020/15xxx/CVE-2020-15011.json +++ b/2020/15xxx/CVE-2020-15011.json @@ -66,6 +66,11 @@ "refsource": "UBUNTU", "name": "USN-4406-1", "url": "https://usn.ubuntu.com/4406-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" } ] } diff --git a/2020/15xxx/CVE-2020-15389.json b/2020/15xxx/CVE-2020-15389.json index 8539beab95f..ba8ff3e2453 100644 --- a/2020/15xxx/CVE-2020-15389.json +++ b/2020/15xxx/CVE-2020-15389.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://pastebin.com/4sDKQ7U8", "url": "https://pastebin.com/4sDKQ7U8" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html" } ] } diff --git a/2020/6xxx/CVE-2020-6851.json b/2020/6xxx/CVE-2020-6851.json index 86356db4174..273add28bda 100644 --- a/2020/6xxx/CVE-2020-6851.json +++ b/2020/6xxx/CVE-2020-6851.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6c8804daaa", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html" } ] } 
diff --git a/2020/8xxx/CVE-2020-8112.json b/2020/8xxx/CVE-2020-8112.json index 7c7675b74be..4b84d86136c 100644 --- a/2020/8xxx/CVE-2020-8112.json +++ b/2020/8xxx/CVE-2020-8112.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0694", "url": "https://access.redhat.com/errata/RHSA-2020:0694" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2277-1] openjpeg2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html" } ] } diff --git a/2020/8xxx/CVE-2020-8161.json b/2020/8xxx/CVE-2020-8161.json index 5670fc68338..8dfaa8f93a2 100644 --- a/2020/8xxx/CVE-2020-8161.json +++ b/2020/8xxx/CVE-2020-8161.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA", "url": "https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2275-1] ruby-rack security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html" } ] }, diff --git a/2020/8xxx/CVE-2020-8184.json b/2020/8xxx/CVE-2020-8184.json index 740067238d7..4b0f7045fdd 100644 --- a/2020/8xxx/CVE-2020-8184.json +++ b/2020/8xxx/CVE-2020-8184.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak", "url": "https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2275-1] ruby-rack security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html" } ] }, From fe299957dc177eaa09b5879a128f73944648c822 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sat, 11 Jul 2020 00:01:23 +0000 Subject: [PATCH 23/41] "-Synchronized-Data." --- 2018/19xxx/CVE-2018-19132.json | 5 +++++ 2019/12xxx/CVE-2019-12519.json | 5 +++++ 2019/12xxx/CVE-2019-12520.json | 5 +++++ 2019/12xxx/CVE-2019-12521.json | 5 +++++ 2019/12xxx/CVE-2019-12523.json | 5 +++++ 2019/12xxx/CVE-2019-12524.json | 5 +++++ 2019/12xxx/CVE-2019-12525.json | 5 +++++ 2019/12xxx/CVE-2019-12526.json | 5 +++++ 2019/12xxx/CVE-2019-12528.json | 5 +++++ 2019/12xxx/CVE-2019-12529.json | 5 +++++ 2019/13xxx/CVE-2019-13345.json | 5 +++++ 2019/18xxx/CVE-2019-18676.json | 5 +++++ 2019/18xxx/CVE-2019-18677.json | 5 +++++ 2019/18xxx/CVE-2019-18678.json | 5 +++++ 2019/18xxx/CVE-2019-18679.json | 5 +++++ 2019/18xxx/CVE-2019-18860.json | 5 +++++ 2020/11xxx/CVE-2020-11945.json | 5 +++++ 2020/8xxx/CVE-2020-8449.json | 5 +++++ 2020/8xxx/CVE-2020-8450.json | 5 +++++ 19 files changed, 95 insertions(+) diff --git a/2018/19xxx/CVE-2018-19132.json b/2018/19xxx/CVE-2018-19132.json index 93cf47f27d7..86d7206267c 100644 --- a/2018/19xxx/CVE-2018-19132.json +++ b/2018/19xxx/CVE-2018-19132.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4059-1", "url": "https://usn.ubuntu.com/4059-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12519.json b/2019/12xxx/CVE-2019-12519.json index 6347e1b954a..838ad637bd1 100644 --- a/2019/12xxx/CVE-2019-12519.json +++ b/2019/12xxx/CVE-2019-12519.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4356-1", "url": "https://usn.ubuntu.com/4356-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } 
diff --git a/2019/12xxx/CVE-2019-12520.json b/2019/12xxx/CVE-2019-12520.json index 36588aaab1c..1710ee68683 100644 --- a/2019/12xxx/CVE-2019-12520.json +++ b/2019/12xxx/CVE-2019-12520.json @@ -76,6 +76,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12521.json b/2019/12xxx/CVE-2019-12521.json index 5b7eeab179b..b9117f35fc1 100644 --- a/2019/12xxx/CVE-2019-12521.json +++ b/2019/12xxx/CVE-2019-12521.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4356-1", "url": "https://usn.ubuntu.com/4356-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12523.json b/2019/12xxx/CVE-2019-12523.json index dd440e24fda..3d1eb14d23a 100644 --- a/2019/12xxx/CVE-2019-12523.json +++ b/2019/12xxx/CVE-2019-12523.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12524.json b/2019/12xxx/CVE-2019-12524.json index 9120cd977a8..8146406a38e 100644 --- a/2019/12xxx/CVE-2019-12524.json +++ b/2019/12xxx/CVE-2019-12524.json 
@@ -61,6 +61,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12525.json b/2019/12xxx/CVE-2019-12525.json index 56c89b2d8c2..813ac1bd6db 100644 --- a/2019/12xxx/CVE-2019-12525.json +++ b/2019/12xxx/CVE-2019-12525.json @@ -106,6 +106,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2541", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12526.json b/2019/12xxx/CVE-2019-12526.json index a4614d9ec72..d735a3ba966 100644 --- a/2019/12xxx/CVE-2019-12526.json +++ b/2019/12xxx/CVE-2019-12526.json @@ -91,6 +91,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12528.json b/2019/12xxx/CVE-2019-12528.json index 5e4cf29a113..e456ed60b78 100644 --- a/2019/12xxx/CVE-2019-12528.json +++ b/2019/12xxx/CVE-2019-12528.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0623", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } 
diff --git a/2019/12xxx/CVE-2019-12529.json b/2019/12xxx/CVE-2019-12529.json index 19720c13c4b..212207db44e 100644 --- a/2019/12xxx/CVE-2019-12529.json +++ b/2019/12xxx/CVE-2019-12529.json @@ -106,6 +106,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2541", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/13xxx/CVE-2019-13345.json b/2019/13xxx/CVE-2019-13345.json index ea2e94e064f..87535333c48 100644 --- a/2019/13xxx/CVE-2019-13345.json +++ b/2019/13xxx/CVE-2019-13345.json @@ -121,6 +121,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2541", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/18xxx/CVE-2019-18676.json b/2019/18xxx/CVE-2019-18676.json index 7291d225a03..e3a85a7e96b 100644 --- a/2019/18xxx/CVE-2019-18676.json +++ b/2019/18xxx/CVE-2019-18676.json @@ -91,6 +91,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/18xxx/CVE-2019-18677.json b/2019/18xxx/CVE-2019-18677.json index 858d1f8b074..4002692fb1e 100644 --- a/2019/18xxx/CVE-2019-18677.json +++ b/2019/18xxx/CVE-2019-18677.json 
@@ -101,6 +101,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/18xxx/CVE-2019-18678.json b/2019/18xxx/CVE-2019-18678.json index 83404f81b56..2360e91b2c2 100644 --- a/2019/18xxx/CVE-2019-18678.json +++ b/2019/18xxx/CVE-2019-18678.json @@ -101,6 +101,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/18xxx/CVE-2019-18679.json b/2019/18xxx/CVE-2019-18679.json index fbd4290d280..34366a3e8b4 100644 --- a/2019/18xxx/CVE-2019-18679.json +++ b/2019/18xxx/CVE-2019-18679.json @@ -101,6 +101,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2019/18xxx/CVE-2019-18860.json b/2019/18xxx/CVE-2019-18860.json index 0a658c2ebcb..4e519d9af6a 100644 --- a/2019/18xxx/CVE-2019-18860.json +++ b/2019/18xxx/CVE-2019-18860.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4356-1", "url": "https://usn.ubuntu.com/4356-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2020/11xxx/CVE-2020-11945.json b/2020/11xxx/CVE-2020-11945.json index 7371c28c1f5..820735c7d12 100644 
--- a/2020/11xxx/CVE-2020-11945.json +++ b/2020/11xxx/CVE-2020-11945.json @@ -116,6 +116,11 @@ "refsource": "UBUNTU", "name": "USN-4356-1", "url": "https://usn.ubuntu.com/4356-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2020/8xxx/CVE-2020-8449.json b/2020/8xxx/CVE-2020-8449.json index 2d597ed37ee..c210a55edde 100644 --- a/2020/8xxx/CVE-2020-8449.json +++ b/2020/8xxx/CVE-2020-8449.json @@ -116,6 +116,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } diff --git a/2020/8xxx/CVE-2020-8450.json b/2020/8xxx/CVE-2020-8450.json index ee831ee3ef2..cbbc6d2319d 100644 --- a/2020/8xxx/CVE-2020-8450.json +++ b/2020/8xxx/CVE-2020-8450.json @@ -116,6 +116,11 @@ "refsource": "DEBIAN", "name": "DSA-4682", "url": "https://www.debian.org/security/2020/dsa-4682" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" } ] } From 3b42ff6fa42d433cbce63431a7123394c1a0d579 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 11 Jul 2020 03:01:26 +0000 Subject: [PATCH 24/41] "-Synchronized-Data." --- 2018/12xxx/CVE-2018-12983.json | 10 ++++++++++ 2020/14xxx/CVE-2020-14058.json | 5 +++++ 2020/15xxx/CVE-2020-15049.json | 5 +++++ 2020/15xxx/CVE-2020-15304.json | 10 ++++++++++ 2020/15xxx/CVE-2020-15305.json | 10 ++++++++++ 2020/15xxx/CVE-2020-15306.json | 10 ++++++++++ 6 files changed, 50 insertions(+) diff --git a/2018/12xxx/CVE-2018-12983.json b/2018/12xxx/CVE-2018-12983.json index 03f6cf2d4ad..059d6412daf 100644 
--- a/2018/12xxx/CVE-2018-12983.json +++ b/2018/12xxx/CVE-2018-12983.json @@ -56,6 +56,16 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1595693", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595693" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-2d80e03190", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEJQUDZT4JRJSPZYY3UPSCTFPAC5TUHK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-71e2092ebc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMEMSUUXA3SL3AZAKKCTZFXVPHTBBK3O/" } ] } diff --git a/2020/14xxx/CVE-2020-14058.json b/2020/14xxx/CVE-2020-14058.json index 4b97145fd26..4ac357a41c8 100644 --- a/2020/14xxx/CVE-2020-14058.json +++ b/2020/14xxx/CVE-2020-14058.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-cbebc5617e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/" } ] } diff --git a/2020/15xxx/CVE-2020-15049.json b/2020/15xxx/CVE-2020-15049.json index c57eff63fe7..02384717a39 100644 --- a/2020/15xxx/CVE-2020-15049.json +++ b/2020/15xxx/CVE-2020-15049.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-cbebc5617e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/" } ] }, diff --git a/2020/15xxx/CVE-2020-15304.json b/2020/15xxx/CVE-2020-15304.json index 77f2df50ccb..1289a03162c 100644 
--- a/2020/15xxx/CVE-2020-15304.json +++ b/2020/15xxx/CVE-2020-15304.json @@ -71,6 +71,16 @@ "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md", "refsource": "MISC", "name": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-8394f7fd12", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a9a0f8f6cd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/" } ] } diff --git a/2020/15xxx/CVE-2020-15305.json b/2020/15xxx/CVE-2020-15305.json index 694964408e2..b6e79c2a2a3 100644 --- a/2020/15xxx/CVE-2020-15305.json +++ b/2020/15xxx/CVE-2020-15305.json @@ -71,6 +71,16 @@ "url": "https://github.com/AcademySoftwareFoundation/openexr/pull/730", "refsource": "MISC", "name": "https://github.com/AcademySoftwareFoundation/openexr/pull/730" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-8394f7fd12", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a9a0f8f6cd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/" } ] } diff --git a/2020/15xxx/CVE-2020-15306.json b/2020/15xxx/CVE-2020-15306.json index c62491cda76..a1c3c43ca64 100644 --- a/2020/15xxx/CVE-2020-15306.json +++ b/2020/15xxx/CVE-2020-15306.json 
@@ -71,6 +71,16 @@ "url": "https://github.com/AcademySoftwareFoundation/openexr/pull/738", "refsource": "MISC", "name": "https://github.com/AcademySoftwareFoundation/openexr/pull/738" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-8394f7fd12", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKDRVXORM2VLNHRLFKS3JHRABSHZ5W5M/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a9a0f8f6cd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SHYAKRAUEMYVCV7U5WLDRE2YFGSV5PIT/" } ] } From 68f1ad70d0c4f6268b88174dc8a0730b9cc7d86f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 11 Jul 2020 16:01:21 +0000 Subject: [PATCH 25/41] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13851.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2020/13xxx/CVE-2020-13851.json b/2020/13xxx/CVE-2020-13851.json index 55dcd1ae10b..d41a1cfe55e 100644 --- a/2020/13xxx/CVE-2020-13851.json +++ b/2020/13xxx/CVE-2020-13851.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities", "url": "https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158390/Pandora-FMS-7.0-NG-7XX-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/158390/Pandora-FMS-7.0-NG-7XX-Remote-Command-Execution.html" } ] } From 0a7805b0dc7324db99a842b7796678504ec773ea Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 12 Jul 2020 03:01:28 +0000 Subject: [PATCH 26/41] "-Synchronized-Data." --- 2020/9xxx/CVE-2020-9802.json | 5 +++++ 2020/9xxx/CVE-2020-9803.json | 5 +++++ 2020/9xxx/CVE-2020-9805.json | 5 +++++ 2020/9xxx/CVE-2020-9806.json | 5 +++++ 2020/9xxx/CVE-2020-9807.json | 5 +++++ 2020/9xxx/CVE-2020-9843.json | 5 +++++ 2020/9xxx/CVE-2020-9850.json | 5 +++++ 7 files changed, 35 insertions(+) diff --git a/2020/9xxx/CVE-2020-9802.json b/2020/9xxx/CVE-2020-9802.json index aa673c19f5c..d40394533bd 100644 --- a/2020/9xxx/CVE-2020-9802.json +++ b/2020/9xxx/CVE-2020-9802.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ab074c6cdf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/" } ] }, diff --git a/2020/9xxx/CVE-2020-9803.json b/2020/9xxx/CVE-2020-9803.json index db02d85c3b0..40c86b9119e 100644 --- a/2020/9xxx/CVE-2020-9803.json +++ b/2020/9xxx/CVE-2020-9803.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ab074c6cdf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/" } ] }, diff --git a/2020/9xxx/CVE-2020-9805.json b/2020/9xxx/CVE-2020-9805.json index 83480acbcbf..a35ba50bbdf 100644 --- a/2020/9xxx/CVE-2020-9805.json +++ b/2020/9xxx/CVE-2020-9805.json 
@@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ab074c6cdf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/" } ] }, diff --git a/2020/9xxx/CVE-2020-9806.json b/2020/9xxx/CVE-2020-9806.json index 9515f123a0d..63180366117 100644 --- a/2020/9xxx/CVE-2020-9806.json +++ b/2020/9xxx/CVE-2020-9806.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ab074c6cdf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/" } ] }, diff --git a/2020/9xxx/CVE-2020-9807.json b/2020/9xxx/CVE-2020-9807.json index eaaf27b2db8..4eccf33be69 100644 --- a/2020/9xxx/CVE-2020-9807.json +++ b/2020/9xxx/CVE-2020-9807.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ab074c6cdf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/" } ] }, diff --git a/2020/9xxx/CVE-2020-9843.json b/2020/9xxx/CVE-2020-9843.json index caa46e12f50..0a4591e26e2 100644 --- a/2020/9xxx/CVE-2020-9843.json +++ b/2020/9xxx/CVE-2020-9843.json 
@@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ab074c6cdf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/" } ] }, diff --git a/2020/9xxx/CVE-2020-9850.json b/2020/9xxx/CVE-2020-9850.json index cd27692b45d..7e23796384b 100644 --- a/2020/9xxx/CVE-2020-9850.json +++ b/2020/9xxx/CVE-2020-9850.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200710 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006", "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ab074c6cdf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/" } ] }, From c52b67b9640ec6aaabbecfb9a50f20507573c6f3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 12 Jul 2020 21:01:20 +0000 Subject: [PATCH 27/41] "-Synchronized-Data." --- 2020/7xxx/CVE-2020-7961.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2020/7xxx/CVE-2020-7961.json b/2020/7xxx/CVE-2020-7961.json index e6d105bd753..e1c49014a06 100644 --- a/2020/7xxx/CVE-2020-7961.json +++ b/2020/7xxx/CVE-2020-7961.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html" } ] } 
From c4fac7de8263ab0e3fafd840ea9936b96a127e52 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 12 Jul 2020 23:01:27 +0000 Subject: [PATCH 28/41] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11996.json | 5 +++++ 2020/9xxx/CVE-2020-9484.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2020/11xxx/CVE-2020-11996.json b/2020/11xxx/CVE-2020-11996.json index 9980bd2926b..2968f856300 100644 --- a/2020/11xxx/CVE-2020-11996.json +++ b/2020/11xxx/CVE-2020-11996.json @@ -124,6 +124,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200709-0002/", "url": "https://security.netapp.com/advisory/ntap-20200709-0002/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html" } ] }, diff --git a/2020/9xxx/CVE-2020-9484.json b/2020/9xxx/CVE-2020-9484.json index 8ca7481093d..dce4907cc6a 100644 --- a/2020/9xxx/CVE-2020-9484.json +++ b/2020/9xxx/CVE-2020-9484.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml", "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html" } ] }, From d2607b9bde83c7e3d4754a4e9e1103fe03b3478c Mon Sep 17 00:00:00 2001 From: Anton Black Date: Mon, 13 Jul 2020 10:48:39 +1000 Subject: [PATCH 29/41] Registering a Jira Server issue. --- 2019/20xxx/CVE-2019-20897.json | 90 ++++++++++++++++++++++++++++------ 1 file changed, 75 insertions(+), 15 deletions(-) 
diff --git a/2019/20xxx/CVE-2019-20897.json b/2019/20xxx/CVE-2019-20897.json
index 06d5cd8dc0d..3b6121ad93a 100644
--- a/2019/20xxx/CVE-2019-20897.json
+++ b/2019/20xxx/CVE-2019-20897.json
@@ -1,18 +1,78 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-20897",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2020-03-24T00:00:00",
+ "ID": "CVE-2019-20897",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.6.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.7.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.7.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-70813"
+ }
+ ]
+ }
+}
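Review bot: The five `version_data` entries encode three ranges as a flat list of alternating `<` and `>=` bounds, and nothing in the record ties `>= 8.6.0` to `< 8.6.2` or `>= 8.7.0` to `< 8.7.1`. A consumer that evaluates each entry on its own would read `>= 8.6.0` as matching 8.6.2, 8.7.1 and every later fixed release, so only the free-text description carries the real ranges. One entry per branch that names the branch and gives its upper bound, for example `{"version_name": "8.6", "version_affected": "<", "version_value": "8.6.2"}`, keeps each bound attached to its release line. The same flat layout appears in the CVE-2019-20899, CVE-2019-20901 and CVE-2020-14174 records later in this series.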
From 8f1107248637efa5d80ab0f81097978ee119917b Mon Sep 17 00:00:00 2001
From: Anton Black
Date: Mon, 13 Jul 2020 10:53:13 +1000
Subject: [PATCH 30/41] Registering a Jira Server issue.
---
 2019/20xxx/CVE-2019-20898.json | 58 ++++++++++++++++++++++++++++++----
 1 file changed, 51 insertions(+), 7 deletions(-)
diff --git a/2019/20xxx/CVE-2019-20898.json b/2019/20xxx/CVE-2019-20898.json
index db5d1f60aa1..0e69cb0d344 100644
--- a/2019/20xxx/CVE-2019-20898.json
+++ b/2019/20xxx/CVE-2019-20898.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2020-04-22T00:00:00",
 "ID": "CVE-2019-20898",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.8.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-70942"
 }
 ]
 }
-}
\ No newline at end of file
+}
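Review bot: `product_data` lists only `Jira Server`, while the description says the issue affects "Atlassian Jira Server and Data Center", so tooling that matches on `product_name` has no entry covering Data Center installs. If Data Center is affected at the same versions, a second product entry (for example `"product_name": "Jira Data Center"`, name to be confirmed by the CNA) with the same `< 8.8.0` bound would make the structured data agree with the text. The CVE-2019-20897, CVE-2019-20899, CVE-2019-20900 and CVE-2020-14174 records in this series show the same gap.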
From 5747e0b04b30ae1a9004a3306b3400c21f0a5a6f Mon Sep 17 00:00:00 2001
From: Anton Black
Date: Mon, 13 Jul 2020 10:57:15 +1000
Subject: [PATCH 31/41] Registering a Jira Server issue.
---
 2019/20xxx/CVE-2019-20899.json | 82 +++++++++++++++++++++++++++-------
 1 file changed, 67 insertions(+), 15 deletions(-)
diff --git a/2019/20xxx/CVE-2019-20899.json b/2019/20xxx/CVE-2019-20899.json
index 2b12753c794..6f475e77194 100644
--- a/2019/20xxx/CVE-2019-20899.json
+++ b/2019/20xxx/CVE-2019-20899.json
@@ -1,18 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-20899",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2020-03-23T00:00:00",
+ "ID": "CVE-2019-20899",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5.4",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.6.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-70808"
+ }
+ ]
+ }
+}
From 9465bc73a0969d51428c1075c9650074ad1c1560 Mon Sep 17 00:00:00 2001
From: Anton Black
Date: Mon, 13 Jul 2020 10:59:34 +1000
Subject: [PATCH 32/41] Registering a Jira Server issue.
---
 2019/20xxx/CVE-2019-20900.json | 74 +++++++++++++++++++++++++++-------
 1 file changed, 59 insertions(+), 15 deletions(-)
diff --git a/2019/20xxx/CVE-2019-20900.json b/2019/20xxx/CVE-2019-20900.json
index 671284b0a07..c77517987dc 100644
--- a/2019/20xxx/CVE-2019-20900.json
+++ b/2019/20xxx/CVE-2019-20900.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-20900",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2020-04-02T00:00:00",
+ "ID": "CVE-2019-20900",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.7.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-70858"
+ }
+ ]
+ }
+}
From e11751dcc4cf6e37750421e1ca6dd60975c68c9c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jul 2020 01:01:32 +0000
Subject: [PATCH 33/41] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20897.json | 154 +++++++++++++++++----------------
 2019/20xxx/CVE-2019-20898.json | 6 +-
 2 files changed, 82 insertions(+), 78 deletions(-)
diff --git a/2019/20xxx/CVE-2019-20897.json b/2019/20xxx/CVE-2019-20897.json index 3b6121ad93a..a31e3843d87 100644 --- a/2019/20xxx/CVE-2019-20897.json +++ b/2019/20xxx/CVE-2019-20897.json 
@@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-03-24T00:00:00", - "ID": "CVE-2019-20897", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.5.4", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.6.2", - "version_affected": "<" - }, - { - "version_value": "8.7.0", - "version_affected": ">=" - }, - { - "version_value": "8.7.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-03-24T00:00:00", + "ID": "CVE-2019-20897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.6.2", + "version_affected": "<" + }, + { + "version_value": "8.7.0", + "version_affected": ">=" + }, + { + "version_value": "8.7.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-70813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70813", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70813" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20898.json b/2019/20xxx/CVE-2019-20898.json index 0e69cb0d344..3ed834a6643 100644 --- a/2019/20xxx/CVE-2019-20898.json +++ b/2019/20xxx/CVE-2019-20898.json 
@@ -55,8 +55,10 @@ "references": { "reference_data": [ { - "url": "https://jira.atlassian.com/browse/JRASERVER-70942" + "url": "https://jira.atlassian.com/browse/JRASERVER-70942", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70942" } ] } -} +} \ No newline at end of file From 508483fd7de201e4d3f96124e93de9396390441a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Jul 2020 02:01:34 +0000 Subject: [PATCH 34/41] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20899.json | 138 +++++++++++++++++---------------- 2019/20xxx/CVE-2019-20900.json | 122 +++++++++++++++-------------- 2020/15xxx/CVE-2020-15503.json | 5 ++ 3 files changed, 137 insertions(+), 128 deletions(-) diff --git a/2019/20xxx/CVE-2019-20899.json b/2019/20xxx/CVE-2019-20899.json index 6f475e77194..1a5b8231166 100644 --- a/2019/20xxx/CVE-2019-20899.json +++ b/2019/20xxx/CVE-2019-20899.json 
@@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-03-23T00:00:00", - "ID": "CVE-2019-20899", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.5.4", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.6.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-03-23T00:00:00", + "ID": "CVE-2019-20899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.6.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-70808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70808", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70808" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20900.json b/2019/20xxx/CVE-2019-20900.json index c77517987dc..d873adfa03f 100644 --- a/2019/20xxx/CVE-2019-20900.json +++ b/2019/20xxx/CVE-2019-20900.json 
@@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-04-02T00:00:00", - "ID": "CVE-2019-20900", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.7.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-04-02T00:00:00", + "ID": "CVE-2019-20900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.7.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-70858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70858", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70858" + } + ] + } +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15503.json b/2020/15xxx/CVE-2020-15503.json index 11a23809183..05d5368c4cf 100644 --- a/2020/15xxx/CVE-2020-15503.json +++ b/2020/15xxx/CVE-2020-15503.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-f421eea477", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f407db0e65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSXAJKZ4VNDYVQULJNY4XDPWHIJDTB4P/" } ] } From 129dd3a9664eb4b07af1362f8c1ffa7edfdf5cd9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Jul 2020 03:01:26 +0000 Subject: [PATCH 35/41] "-Synchronized-Data." --- 2019/6xxx/CVE-2019-6690.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/6xxx/CVE-2019-6690.json b/2019/6xxx/CVE-2019-6690.json index d2eb1a79ec0..1f6d1822f82 100644 --- a/2019/6xxx/CVE-2019-6690.json +++ b/2019/6xxx/CVE-2019-6690.json @@ -101,6 +101,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-06f5bbdaf5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-17fb3273b2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/" } ] } From b2202b84f51c2bb9a17cc4e7eb9cc6a258c098d4 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 13 Jul 2020 04:01:24 +0000 Subject: [PATCH 36/41] "-Synchronized-Data." --- 2019/6xxx/CVE-2019-6690.json | 5 +++++ 2020/13xxx/CVE-2020-13757.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2019/6xxx/CVE-2019-6690.json b/2019/6xxx/CVE-2019-6690.json index 1f6d1822f82..4a2e337715b 100644 --- a/2019/6xxx/CVE-2019-6690.json +++ b/2019/6xxx/CVE-2019-6690.json @@ -106,6 +106,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-17fb3273b2", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e67d007a67", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/" } ] } diff --git a/2020/13xxx/CVE-2020-13757.json b/2020/13xxx/CVE-2020-13757.json index b7ef3ba9378..40743889c17 100644 --- a/2020/13xxx/CVE-2020-13757.json +++ b/2020/13xxx/CVE-2020-13757.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667", "url": "https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-253ebe55ff", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/" } ] } From 8ec765cfd53d08774947d96da307c372826b342f Mon Sep 17 00:00:00 2001 From: Anton Black Date: Mon, 13 Jul 2020 14:43:02 +1000 Subject: [PATCH 37/41] Registering a Jira Server issue. --- 2020/14xxx/CVE-2020-14174.json | 98 ++++++++++++++++++++++++++++------ 1 file changed, 83 insertions(+), 15 deletions(-) diff --git a/2020/14xxx/CVE-2020-14174.json b/2020/14xxx/CVE-2020-14174.json index 4772bfe069b..c770dae9659 100644 --- a/2020/14xxx/CVE-2020-14174.json +++ b/2020/14xxx/CVE-2020-14174.json 
@@ -1,18 +1,86 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-14174",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2020-07-08T00:00:00",
+ "ID": "CVE-2020-14174",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.13.6",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.0.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.5.7",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.9.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.10.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.10.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object References (IDOR)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-71275"
+ }
+ ]
+ }
+}
From 10eb364d2b9a1c583ef49618df51303ea6754908 Mon Sep 17 00:00:00 2001
From: Anton Black
Date: Mon, 13 Jul 2020 14:51:08 +1000
Subject: [PATCH 38/41] Registering a Jira Server issue.
---
 2019/20xxx/CVE-2019-20901.json | 82 +++++++++++++++++++++++++++-------
 1 file changed, 67 insertions(+), 15 deletions(-)
diff --git a/2019/20xxx/CVE-2019-20901.json b/2019/20xxx/CVE-2019-20901.json
index dc37027e94b..9b4ff001a95 100644
--- a/2019/20xxx/CVE-2019-20901.json
+++ b/2019/20xxx/CVE-2019-20901.json
@@ -1,18 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2019-20901",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2019-12-17T00:00:00",
+ "ID": "CVE-2019-20901",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5.2",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.6.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.6.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Open Redirect"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-70408"
+ }
+ ]
+ }
+}
From 42097804577b8fca56f4d06577f7c192db230af6 Mon Sep 17 00:00:00 2001
From: CVE Team Date: Mon, 13 Jul 2020 05:01:34 +0000 Subject: [PATCH 39/41] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20901.json | 138 +++++++++++++------------- 2020/14xxx/CVE-2020-14174.json | 170 +++++++++++++++++---------------- 2 files changed, 156 insertions(+), 152 deletions(-) diff --git a/2019/20xxx/CVE-2019-20901.json b/2019/20xxx/CVE-2019-20901.json index 9b4ff001a95..6e573af2a52 100644 --- a/2019/20xxx/CVE-2019-20901.json +++ b/2019/20xxx/CVE-2019-20901.json 
@@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-12-17T00:00:00", - "ID": "CVE-2019-20901", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.5.2", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.6.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Open Redirect" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-12-17T00:00:00", + "ID": "CVE-2019-20901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.2", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.6.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-70408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70408", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70408" + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14174.json b/2020/14xxx/CVE-2020-14174.json index c770dae9659..8a601659d0c 100644 --- a/2020/14xxx/CVE-2020-14174.json +++ b/2020/14xxx/CVE-2020-14174.json 
@@ -1,86 +1,88 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-07-08T00:00:00", - "ID": "CVE-2020-14174", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "7.13.6", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.5.7", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.9.2", - "version_affected": "<" - }, - { - "version_value": "8.10.0", - "version_affected": ">=" - }, - { - "version_value": "8.10.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Insecure Direct Object References (IDOR)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-07-08T00:00:00", + "ID": "CVE-2020-14174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "7.13.6", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.5.7", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.9.2", + "version_affected": "<" + }, + { + "version_value": "8.10.0", + "version_affected": ">=" + }, + { + "version_value": "8.10.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-71275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object References (IDOR)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-71275", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-71275" + } + ] + } +} \ No newline at end of file From 4952735cbf42ee037adfdf9ac51e2c9a01b7eecd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Jul 2020 13:01:22 +0000 Subject: [PATCH 40/41] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20907.json | 67 ++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 2019/20xxx/CVE-2019-20907.json diff --git a/2019/20xxx/CVE-2019-20907.json b/2019/20xxx/CVE-2019-20907.json new file mode 100644 index 00000000000..458611a26eb --- /dev/null +++ b/2019/20xxx/CVE-2019-20907.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20907",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugs.python.org/issue39017",
+ "url": "https://bugs.python.org/issue39017"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/python/cpython/pull/21454",
+ "url": "https://github.com/python/cpython/pull/21454"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 0d619bfcc0859f45fd1d2dd1026654f358cb7b8b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Jul 2020 14:01:22 +0000
Subject: [PATCH 41/41] "-Synchronized-Data."
---
 2020/15xxx/CVE-2020-15687.json | 18 ++++++++++
 2020/15xxx/CVE-2020-15688.json | 18 ++++++++++
 2020/15xxx/CVE-2020-15689.json | 62 ++++++++++++++++++++++++++++++++++
 3 files changed, 98 insertions(+)
 create mode 100644 2020/15xxx/CVE-2020-15687.json
 create mode 100644 2020/15xxx/CVE-2020-15688.json
 create mode 100644 2020/15xxx/CVE-2020-15689.json
diff --git a/2020/15xxx/CVE-2020-15687.json b/2020/15xxx/CVE-2020-15687.json
new file mode 100644
index 00000000000..282d14bd752
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15687.json
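Review bot: The `affects` block of the new CVE-2019-20907 record carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is `"n/a"` as well, although the description names Python through 3.8.3 and an infinite loop in `tarfile`. Vulnerability-management tooling that matches on the structured fields rather than the free text will not associate this record with Python installs. I would fill them in, for example `"product_name": "Python"` with `"version_value": "3.8.3", "version_affected": "<="`, and give `problemtype` a CWE label (CWE-835, infinite loop, looks like the fit but should be confirmed by the assigner). The CVE-2020-15689 hunk later in this series has the same gap: its description gives Appweb before 7.2.2 and 8.x before 8.1.0 with a NULL pointer dereference, while `affects` and `problemtype` are `"n/a"`. Until the records are enriched, consumers should match on the description text for these two entries.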
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15687",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15688.json b/2020/15xxx/CVE-2020-15688.json
new file mode 100644
index 00000000000..d49b24c802d
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15688.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15688",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15689.json b/2020/15xxx/CVE-2020-15689.json
new file mode 100644
index 00000000000..8669fc2fd67
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15689.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-15689",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/embedthis/appweb-gpl/issues/2",
+ "url": "https://github.com/embedthis/appweb-gpl/issues/2"
+ }
+ ]
+ }
+}
\ No newline at end of file