From 78e0a21c120a5ebf69c71dab2da9bbd658058c60 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Jan 2020 21:01:21 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2011/2xxx/CVE-2011-2706.json | 55 ++++++++++++++++++++--
 2011/2xxx/CVE-2011-2933.json | 50 ++++++++++++++++++--
 2011/2xxx/CVE-2011-2934.json | 50 ++++++++++++++++++--
 2011/3xxx/CVE-2011-3183.json | 50 ++++++++++++++++++--
 2011/3xxx/CVE-2011-3202.json | 50 ++++++++++++++++++--
 2016/6xxx/CVE-2016-6592.json | 75 ++++++++++++++++++++++++++++--
 2018/1002xxx/CVE-2018-1002104.json | 2 +-
 2019/16xxx/CVE-2019-16784.json | 4 +-
 2020/7xxx/CVE-2020-7053.json | 72 ++++++++++++++++++++++++++++
 2020/7xxx/CVE-2020-7054.json | 62 ++++++++++++++++++++++++
 2020/7xxx/CVE-2020-7055.json | 18 +++++++
 11 files changed, 467 insertions(+), 21 deletions(-)
 create mode 100644 2020/7xxx/CVE-2020-7053.json
 create mode 100644 2020/7xxx/CVE-2020-7054.json
 create mode 100644 2020/7xxx/CVE-2020-7055.json
diff --git a/2011/2xxx/CVE-2011-2706.json b/2011/2xxx/CVE-2011-2706.json
index 51ddf6214dc..c418a3cddcd 100644
--- a/2011/2xxx/CVE-2011-2706.json
+++ b/2011/2xxx/CVE-2011-2706.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-2706",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "sNews",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.7.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "sNews"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/07/20/17",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/07/20/17"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2011/May/300",
+ "url": "https://seclists.org/fulldisclosure/2011/May/300"
 }
 ]
 }
diff --git a/2011/2xxx/CVE-2011-2933.json b/2011/2xxx/CVE-2011-2933.json
index 2981dcb3493..d2351873579 100644
--- a/2011/2xxx/CVE-2011-2933.json
+++ b/2011/2xxx/CVE-2011-2933.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-2933",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebsiteBaker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WebsiteBaker"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
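Review bot: The CVE-2011-2706 description added here names `sNews 1.71`, while the `affects` block added in the same file's first hunk carries `"version_value": "1.7.1"`; one of the two is a typo, and anything matching on the version string will miss whichever form is wrong. Confirm the version against the cited oss-security post and make both fields agree, e.g. `"value": "... administrator functions in sNews 1.7.1."` if the structured value is the correct one. The `problemtype` is also free text (`"XSS"`); a CWE identifier such as `"CWE-79"` is easier for tooling to aggregate, and the same applies to the `"XSS"` and `"CSRF"` entries in CVE-2011-3183, CVE-2011-3202 and CVE-2011-2934 (`"CWE-352"`).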
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Upload"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/08/19/12",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/08/19/12"
 }
 ]
 }
diff --git a/2011/2xxx/CVE-2011-2934.json b/2011/2xxx/CVE-2011-2934.json
index e48597cc564..b5f462a7e7b 100644
--- a/2011/2xxx/CVE-2011-2934.json
+++ b/2011/2xxx/CVE-2011-2934.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-2934",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebsiteBaker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WebsiteBaker"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
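Review bot: The extension list in the new CVE-2011-2933 description ends with `.phtl`, which looks like a truncation of `.phtml`; this should be checked against the cited oss-security post, because defenders who build an upload deny-list from this text would copy the wrong extension. If the reference confirms it, the value should end `... .htaccess, .php4, .php5, and .phtml extensions.`. The `problemtype` value `"Arbitrary File Upload"` could also be given as `"CWE-434"` so that consumers can classify the record without parsing prose.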
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSRF"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/08/19/13",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/08/19/13"
 }
 ]
 }
diff --git a/2011/3xxx/CVE-2011-3183.json b/2011/3xxx/CVE-2011-3183.json
index 56b45a4f45e..8c382f5484f 100644
--- a/2011/3xxx/CVE-2011-3183.json
+++ b/2011/3xxx/CVE-2011-3183.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-3183",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Concrete CMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 5.4.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Concrete CMS"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/08/22/11",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/08/22/11"
 }
 ]
 }
diff --git a/2011/3xxx/CVE-2011-3202.json b/2011/3xxx/CVE-2011-3202.json
index 178d93819b9..35b300a4b80 100644
--- a/2011/3xxx/CVE-2011-3202.json
+++ b/2011/3xxx/CVE-2011-3202.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-3202",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jcow CMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Jcow"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
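Review bot: In the CVE-2011-3202 `affects` block, `"version_value": "4.2"` marks a single release as affected, yet the description added in the file's next hunk says "Jcow CMS 4.2 and earlier". The sibling records in this commit encode the same kind of range as `"through 2.8.1"` and `"through 5.4.1.1"`, so this entry should read `"version_value": "through 4.2"`. Left as is, version matching driven by the structured field would under-report older installs.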
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/08/30/5",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/08/30/5"
 }
 ]
 }
diff --git a/2016/6xxx/CVE-2016-6592.json b/2016/6xxx/CVE-2016-6592.json
index 0183e1bfae6..75b5ee9ebb4 100644
--- a/2016/6xxx/CVE-2016-6592.json
+++ b/2016/6xxx/CVE-2016-6592.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secure@symantec.com",
 "ID": "CVE-2016-6592",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Norton Download Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2016"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Symantec"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
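Review bot: In the CVE-2016-6592 `affects` block, `"version_value": "2016"` does not match the description added in the file's next hunk, which says "versions prior to 5.6"; "2016" reads like a year rather than a product version. A scanner keyed on the structured field cannot tell which Norton Download Manager builds are vulnerable. Unless the linked SYMSA1394 advisory says otherwise, encode the range the description gives, e.g. `"version_value": "prior to 5.6"`.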
@@ -11,7 +34,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/94695",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/94695"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/95444",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/95444"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1037622",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1037622"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1037623",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1037623"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1037624",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1037624"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/us/en/article.SYMSA1394.html",
+ "url": "https://support.symantec.com/us/en/article.SYMSA1394.html"
 }
 ]
 }
diff --git a/2018/1002xxx/CVE-2018-1002104.json b/2018/1002xxx/CVE-2018-1002104.json
index fbfc0c6dfea..1c10a1a861a 100644
--- a/2018/1002xxx/CVE-2018-1002104.json
+++ b/2018/1002xxx/CVE-2018-1002104.json
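Review bot: The CVE-2016-6592 `problemtype` is `"Other"` even though the description is specific: the component loads a planted DLL instead of the intended one, which is a search-path weakness. Recording it as `"value": "CWE-427"` (or `CWE-426`, depending on how the advisory characterises it) would let consumers group it with other DLL preloading issues. The description also calls the attacker a "remote user" while requiring the DLL to be placed on the target user's system, so the delivery precondition is worth stating explicitly for anyone scoring the record.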
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "jordan@liggitt.net",
+ "ASSIGNER": "security@kubernetes.io",
 "DATE_PUBLIC": "2018-09-25",
 "ID": "CVE-2018-1002104",
 "STATE": "PUBLIC"
diff --git a/2019/16xxx/CVE-2019-16784.json b/2019/16xxx/CVE-2019-16784.json
index bc6a23eeeae..de55d8f0879 100644
--- a/2019/16xxx/CVE-2019-16784.json
+++ b/2019/16xxx/CVE-2019-16784.json
@@ -42,7 +42,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory.\n\nThis is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp).\nIn order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)."
+ "value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)."
 }
 ]
 },
@@ -87,4 +87,4 @@
 "advisory": "GHSA-7fcj-pq9j-wh2r",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7053.json b/2020/7xxx/CVE-2020-7053.json
new file mode 100644
index 00000000000..46080b0c092
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7053.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7053",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com",
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com"
+ },
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2",
+ "refsource": "MISC",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2"
+ },
+ {
+ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310"
+ }
+ ]
+ }
+}
\ No newline at end of file
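Review bot: The structured fields of the new CVE-2020-7053 record are all `"n/a"` (`vendor_name`, `product_name`, `version_value`, and the `problemtype` value), although the description names the Linux kernel, the affected ranges (4.14 through 4.14.165, 4.19 through 4.19.96, 5.x before 5.2) and the bug class. Tools that read only `affects` and `problemtype` will not associate this CVE with any product or weakness. Suggest filling them in, e.g. `"product_name": "Linux kernel"` with one `version_data` entry per range and `"value": "CWE-416"` for the use-after-free. CVE-2020-7054 in this commit has the same gap (libIEC61850 through 1.4.0, heap-based buffer overflow, which maps to `CWE-122`).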
diff --git a/2020/7xxx/CVE-2020-7054.json b/2020/7xxx/CVE-2020-7054.json
new file mode 100644
index 00000000000..32478340ce0
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7054.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-7054",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mz-automation/libiec61850/issues/200",
+ "refsource": "MISC",
+ "name": "https://github.com/mz-automation/libiec61850/issues/200"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7055.json b/2020/7xxx/CVE-2020-7055.json
new file mode 100644
index 00000000000..3fae0270607
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7055.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7055",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file