diff --git a/2019/13xxx/CVE-2019-13033.json b/2019/13xxx/CVE-2019-13033.json
new file mode 100644
index 00000000000..7bbdce21e14
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13033.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13033",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cisofy.com/security/cve/cve-2019-13033/",
+ "url": "https://cisofy.com/security/cve/cve-2019-13033/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10644.json b/2020/10xxx/CVE-2020-10644.json
index b7468d8ac27..b30aecc0e11 100644
--- a/2020/10xxx/CVE-2020-10644.json
+++ b/2020/10xxx/CVE-2020-10644.json
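Review bot: The `affects` block of the new CVE-2019-13033 record leaves `vendor_name`, `product_name` and `version_value` at `n/a` although the description names CISOfy Lynis 2.x through 2.7.5, so consumers that match on the structured fields will not associate the entry with the product. Filling them from the description, e.g. `"vendor_name": "CISOfy"`, `"product_name": "Lynis"`, `"version_value": "2.x through 2.7.5"`, keeps the record machine-matchable. `problemtype` is also `n/a`; the described exposure of a key through the process list appears to correspond to CWE-214, which could be recorded there. The same placeholder fields appear in the records for CVE-2020-13882, CVE-2020-14443, CVE-2020-14444, CVE-2020-14445 and CVE-2020-14446 in this commit.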
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information."
+ "value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12000.json b/2020/12xxx/CVE-2020-12000.json
index 5c86db4acec..e9b10d15c0c 100644
--- a/2020/12xxx/CVE-2020-12000.json
+++ b/2020/12xxx/CVE-2020-12000.json
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information."
+ "value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12004.json b/2020/12xxx/CVE-2020-12004.json
index 2c6f0050832..56499f99a50 100644
--- a/2020/12xxx/CVE-2020-12004.json
+++ b/2020/12xxx/CVE-2020-12004.json
@@ -19,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "versions prior to 8.0.10"
+ "version_value": "versions prior to 7.9.14 and 8.0.10"
 }
 ]
 }
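Review bot: Only the description text of CVE-2020-10644 is widened to Ignition 7 Gateway (versions prior to 7.9.14); no hunk in this file touches the `version_value` under `affects`, so the structured version data presumably still covers 8.0.10 alone. CVE-2020-12004 in the same commit updates both places, while CVE-2020-12000 has the same gap as this file. Adding an entry such as `"version_value": "versions prior to 7.9.14"` next to the existing one would keep the description and the affected-version data in agreement for tools that read only the latter.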
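Review bot: The new `version_value` in CVE-2020-12004, "versions prior to 7.9.14 and 8.0.10", folds two release lines into one free-text entry, which reads ambiguously (an 8.0.x build below 8.0.10 is not prior to 7.9.14) and is hard to match automatically. Two `version_data` entries, `{ "version_value": "7.x versions prior to 7.9.14" }` and `{ "version_value": "8.x versions prior to 8.0.10" }`, would state each range on its own. The enclosing `product_data` entry starts and ends outside the hunk.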
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information."
+ "value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13882.json b/2020/13xxx/CVE-2020-13882.json
index 7b3b55bc327..fa47159eace 100644
--- a/2020/13xxx/CVE-2020-13882.json
+++ b/2020/13xxx/CVE-2020-13882.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13882",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13882",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cisofy.com/security/cve/cve-2020-13882/",
+ "url": "https://cisofy.com/security/cve/cve-2020-13882/"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14443.json b/2020/14xxx/CVE-2020-14443.json
new file mode 100644
index 00000000000..91b7df6f3b4
--- /dev/null
+++ b/2020/14xxx/CVE-2020-14443.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-14443",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Dolibarr/dolibarr/commit/40e16672e3aa4e9208ea7a4829f30507dcdfc4ba",
+ "url": "https://github.com/Dolibarr/dolibarr/commit/40e16672e3aa4e9208ea7a4829f30507dcdfc4ba"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/14xxx/CVE-2020-14444.json b/2020/14xxx/CVE-2020-14444.json
new file mode 100644
index 00000000000..dc1f8dc28c4
--- /dev/null
+++ b/2020/14xxx/CVE-2020-14444.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-14444",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0707",
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0707"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/14xxx/CVE-2020-14445.json b/2020/14xxx/CVE-2020-14445.json
new file mode 100644
index 00000000000..c5a22b94e3e
--- /dev/null
+++ b/2020/14xxx/CVE-2020-14445.json
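Review bot: The `vectorString` in the new `impact.cvss` block of CVE-2020-14444 lists its metrics alphabetically (AC, AV, A, C, I, PR, S, UI) rather than in the order the CVSS v3.0 specification prefers, and the block carries no `baseScore` or `baseSeverity`. Parsers that expect the canonical order may fail to read the vector, and every consumer has to recompute the score before it can prioritise the entry. Writing it as `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` and adding the two score fields would avoid both problems. The records for CVE-2020-14445 and CVE-2020-14446 in this commit have the same ordering and omissions.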
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-14445",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711",
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:H/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/14xxx/CVE-2020-14446.json b/2020/14xxx/CVE-2020-14446.json
new file mode 100644
index 00000000000..462efde605e
--- /dev/null
+++ b/2020/14xxx/CVE-2020-14446.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-14446",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0713",
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0713"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5515.json b/2020/5xxx/CVE-2020-5515.json
index c5c181f7659..80772b9eca0 100644
--- a/2020/5xxx/CVE-2020-5515.json
+++ b/2020/5xxx/CVE-2020-5515.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html",
 "url": "http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/158140/Gila-CMS-1.1.18.1-SQL-Injection-Shell-Upload.html",
+ "url": "http://packetstormsecurity.com/files/158140/Gila-CMS-1.1.18.1-SQL-Injection-Shell-Upload.html"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9004.json b/2020/9xxx/CVE-2020-9004.json
index 86ac9c200f7..de31ed6fa96 100644
--- a/2020/9xxx/CVE-2020-9004.json
+++ b/2020/9xxx/CVE-2020-9004.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2020-9004.txt",
 "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2020-9004.txt"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes",
+ "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"
 }
 ]
 }