From 7dd33ef88bf1ca1ee5d7e1b616c34ad20b306ab6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 27 May 2020 16:01:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10945.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10946.json | 56 ++++++++++++++++++++++++++++++---- 2020/12xxx/CVE-2020-12050.json | 15 +++++++++ 2020/13xxx/CVE-2020-13627.json | 48 +++++++++++++++++++++++++++-- 2020/13xxx/CVE-2020-13628.json | 48 +++++++++++++++++++++++++++-- 2020/13xxx/CVE-2020-13633.json | 56 ++++++++++++++++++++++++++++++---- 2020/13xxx/CVE-2020-13634.json | 18 +++++++++++ 7 files changed, 275 insertions(+), 22 deletions(-) create mode 100644 2020/13xxx/CVE-2020-13634.json diff --git a/2020/10xxx/CVE-2020-10945.json b/2020/10xxx/CVE-2020-10945.json index 17fb6708437..51d83a49ad0 100644 --- a/2020/10xxx/CVE-2020-10945.json +++ b/2020/10xxx/CVE-2020-10945.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10945", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10945", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Centreon before 19.10.7 exposes Session IDs in server responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10945-centreon-session-id-exposure/", + "url": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10945-centreon-session-id-exposure/" } ] } diff --git a/2020/10xxx/CVE-2020-10946.json b/2020/10xxx/CVE-2020-10946.json index 99c87152afa..03dccb13b10 100644 --- a/2020/10xxx/CVE-2020-10946.json +++ b/2020/10xxx/CVE-2020-10946.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10946", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10946", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/", + "url": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/" } ] } diff --git a/2020/12xxx/CVE-2020-12050.json b/2020/12xxx/CVE-2020-12050.json index a924a5015c6..cd86f37c952 100644 --- a/2020/12xxx/CVE-2020-12050.json +++ b/2020/12xxx/CVE-2020-12050.json @@ -62,6 +62,16 @@ "refsource": "MISC", "name": "http://www.ch-werner.de/sqliteodbc/" }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-1e85425a52", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PR6B33IGBADGYDBTEEU36OGERER2HOGQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-c98c7da2f6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXPHBDVB3LAQUQJCZ4WIS3JWM7JFR56X/" + }, { "refsource": "CONFIRM", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825762", @@ -81,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0628", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00026.html" + }, + { + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/2020-05-25-cve-2020-12050-fedora-red-hat-centos-local-privilege-escalation-through-a-race-condition-in-the-sqliteodbc-installer-script/", + "url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-12050-fedora-red-hat-centos-local-privilege-escalation-through-a-race-condition-in-the-sqliteodbc-installer-script/" } ] } diff --git a/2020/13xxx/CVE-2020-13627.json b/2020/13xxx/CVE-2020-13627.json index 15db749dbc6..a86a4bd460a 100644 --- a/2020/13xxx/CVE-2020-13627.json +++ b/2020/13xxx/CVE-2020-13627.json @@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2020-13627", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/", + "url": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget." } ] } diff --git a/2020/13xxx/CVE-2020-13628.json b/2020/13xxx/CVE-2020-13628.json index d5ca3a410ec..6dd0a706e94 100644 --- a/2020/13xxx/CVE-2020-13628.json +++ b/2020/13xxx/CVE-2020-13628.json @@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2020-13628", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/", + "url": "https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget." } ] } diff --git a/2020/13xxx/CVE-2020-13633.json b/2020/13xxx/CVE-2020-13633.json index 01a2e710c3b..1afcb2052ba 100644 --- a/2020/13xxx/CVE-2020-13633.json +++ b/2020/13xxx/CVE-2020-13633.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13633", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13633", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fork before 5.8.3 allows XSS via navigation_title or title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/forkcms/forkcms/pull/3093", + "refsource": "MISC", + "name": "https://github.com/forkcms/forkcms/pull/3093" } ] } diff --git a/2020/13xxx/CVE-2020-13634.json b/2020/13xxx/CVE-2020-13634.json new file mode 100644 index 00000000000..5a746f93579 --- /dev/null +++ b/2020/13xxx/CVE-2020-13634.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13634", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file