diff --git a/2019/18xxx/CVE-2019-18282.json b/2019/18xxx/CVE-2019-18282.json
index 5c182db648b..361feb31624 100644
--- a/2019/18xxx/CVE-2019-18282.json
+++ b/2019/18xxx/CVE-2019-18282.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o",
+ "url": "https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20790.json b/2019/20xxx/CVE-2019-20790.json
index 1745b052312..ffb62a6f508 100644
--- a/2019/20xxx/CVE-2019-20790.json
+++ b/2019/20xxx/CVE-2019-20790.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20790",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20790",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf",
+ "refsource": "MISC",
+ "name": "https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf"
+ },
+ {
+ "url": "https://sourceforge.net/p/opendmarc/tickets/235/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/opendmarc/tickets/235/"
+ },
+ {
+ "url": "https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816"
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4729.json b/2019/4xxx/CVE-2019-4729.json
index bd3792dbae0..042c5c771c1 100644
--- a/2019/4xxx/CVE-2019-4729.json
+++ b/2019/4xxx/CVE-2019-4729.json
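Review bot: The `affects` block added for CVE-2019-20790 leaves `product_name`, `vendor_name` and `version_value` as `"n/a"` although the new description names OpenDMARC through 1.3.2 and 1.4.x together with pypolicyd-spf 2.0.2, so tooling that matches on the structured fields will not tie this record to an installed package. The CVE-2020-11420 hunk (description: UPS Adapter CS141 before 1.90) and the CVE-2020-12272 hunk (OpenDMARC through 1.3.2 and 1.4.x) have the same gap. If the assigner's process permits it, carry the product into the structured data, e.g. `"product_name": "OpenDMARC"`, and replace the `"n/a"` problem type with a short class taken from the description (for CVE-2020-11420 the text already says `Directory Traversal`). Until then, consumers have to parse the free-text `value` to decide exposure.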
@@ -1,93 +1,93 @@
 {
- "data_version" : "4.0",
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "S" : "U",
- "I" : "N",
- "AC" : "L",
- "A" : "N",
- "SCORE" : "4.300",
- "PR" : "L",
- "UI" : "N",
- "AV" : "N",
- "C" : "L"
- },
- "TM" : {
- "RL" : "O",
- "E" : "U",
- "RC" : "C"
- }
- }
- },
- "data_format" : "MITRE",
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "value" : "Obtain Information",
- "lang" : "eng"
- }
- ]
- }
- ]
- },
- "data_type" : "CVE",
- "references" : {
- "reference_data" : [
- {
- "title" : "IBM Security Bulletin 6193425 (Cognos Analytics)",
- "name" : "https://www.ibm.com/support/pages/node/6193425",
- "refsource" : "CONFIRM",
- "url" : "https://www.ibm.com/support/pages/node/6193425"
- },
- {
- "title" : "X-Force Vulnerability Report",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172519",
- "name" : "ibm-cognos-cve20194729-info-disc (172519)"
- }
- ]
- },
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519."
- }
- ]
- },
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2020-04-24T00:00:00",
- "ID" : "CVE-2019-4729",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "version" : {
- "version_data" : [
- {
- "version_value" : "11.0"
- },
- {
- "version_value" : "11.1"
- }
- ]
- },
- "product_name" : "Cognos Analytics"
- }
- ]
- },
- "vendor_name" : "IBM"
+ "data_version": "4.0",
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "S": "U",
+ "I": "N",
+ "AC": "L",
+ "A": "N",
+ "SCORE": "4.300",
+ "PR": "L",
+ "UI": "N",
+ "AV": "N",
+ "C": "L"
+ },
+ "TM": {
+ "RL": "O",
+ "E": "U",
+ "RC": "C"
 }
- ]
- }
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "Obtain Information",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "data_type": "CVE",
+ "references": {
+ "reference_data": [
+ {
+ "title": "IBM Security Bulletin 6193425 (Cognos Analytics)",
+ "name": "https://www.ibm.com/support/pages/node/6193425",
+ "refsource": "CONFIRM",
+ "url": "https://www.ibm.com/support/pages/node/6193425"
+ },
+ {
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172519",
+ "name": "ibm-cognos-cve20194729-info-disc (172519)"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519."
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2020-04-24T00:00:00",
+ "ID": "CVE-2019-4729",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.0"
+ },
+ {
+ "version_value": "11.1"
+ }
+ ]
+ },
+ "product_name": "Cognos Analytics"
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11420.json b/2020/11xxx/CVE-2020-11420.json
index 37e43482f1e..4baa6ab49bc 100644
--- a/2020/11xxx/CVE-2020-11420.json
+++ b/2020/11xxx/CVE-2020-11420.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11420",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11420",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf",
+ "url": "https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249",
+ "url": "https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12272.json b/2020/12xxx/CVE-2020-12272.json
index 6ab67ae0eb9..bb90a4fd7ae 100644
--- a/2020/12xxx/CVE-2020-12272.json
+++ b/2020/12xxx/CVE-2020-12272.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12272",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12272",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/opendmarc/tickets/237/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/opendmarc/tickets/237/"
+ },
+ {
+ "url": "https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf",
+ "refsource": "MISC",
+ "name": "https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9489.json b/2020/9xxx/CVE-2020-9489.json
index 81a09f7bdd6..87b8d75f56c 100644
--- a/2020/9xxx/CVE-2020-9489.json
+++ b/2020/9xxx/CVE-2020-9489.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9489",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Tika",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Up to 1.24"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/r4d943777e36ca3aa6305a45da5acccc54ad894f2d5a07186cfa2442c%40%3Cdev.tika.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r4d943777e36ca3aa6305a45da5acccc54ad894f2d5a07186cfa2442c%40%3Cdev.tika.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release."
 }
 ]
 }
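Review bot: `"version_value": "Up to 1.24"` in the Apache Tika `version_data` entry is free text, so a version-range matcher cannot tell whether 1.24 itself is affected; the description's "upgrade to 1.24.1 or later" suggests it is. Stating the bound explicitly, `"version_affected": "<=", "version_value": "1.24"`, would make the range machine-readable, provided the consuming tooling honours that field. The `problemtype` value is also `"n/a"` although the description states the impact (a System.exit, out-of-memory errors and infinite loops on crafted files), which a short phrase could capture for triage. The hunk starts at line 4 of the file, so the record's opening lines and closing brace lie outside it.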