diff --git a/2013/3xxx/CVE-2013-3738.json b/2013/3xxx/CVE-2013-3738.json
index fac9100dbcb..5c70ef23ea6 100644
--- a/2013/3xxx/CVE-2013-3738.json
+++ b/2013/3xxx/CVE-2013-3738.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-3738",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://support.zabbix.com/browse/ZBX-6652",
+ "refsource": "MISC",
+ "name": "http://support.zabbix.com/browse/ZBX-6652"
 }
 ]
 }
diff --git a/2020/1xxx/CVE-2020-1692.json b/2020/1xxx/CVE-2020-1692.json
index 382be504d91..afd2421bfc6 100644
--- a/2020/1xxx/CVE-2020-1692.json
+++ b/2020/1xxx/CVE-2020-1692.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1692",
- "ASSIGNER": "psampaio@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -18,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "3.7.2"
+ "version_value": "before 3.7.2"
 }
 ]
 }
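Review bot: In CVE-2013-3738.json the added `affects` block sets `vendor_name`, `product_name` and `version_value` all to `"n/a"`, while the description added in the file's second hunk names Zabbix 2.0.6, so tooling that matches on the structured fields will not tie this record to the product. Consider `"product_name": "Zabbix"` and `"version_value": "2.0.6"`, with `"vendor_name": "Zabbix"` (vendor inferred from the reference host; confirm before use). The `problemtype` value in the second hunk is likewise `"n/a"` although the description already says File Inclusion. The same `"n/a"` placeholders appear in the `affects` and `problemtype` blocks added to CVE-2020-6850.json and CVE-2020-9038.json, whose descriptions also name the product, version bound and weakness.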
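Review bot: `"version_value": "before 3.7.2"` in CVE-2020-1692.json (hunk `@@ -18,7 +19,7 @@`) folds the range operator into the version string, so a consumer comparing `version_value` against an installed version has to parse English. The CVE JSON 4.0 format has a `version_affected` field for the operator; `"version_affected": "<", "version_value": "3.7.2"` carries the same meaning in machine-readable form. The `version_data` entry is fully inside the hunk, but the product it belongs to is outside it.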
@@ -54,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Moodle before version 3.7.2 is vulnerable information exposure of service tokens for users enroled in the same course."
+ "value": "Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course."
 }
 ]
 },
@@ -68,4 +69,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6850.json b/2020/6xxx/CVE-2020-6850.json
index 09e7e52bffa..ed1b9422e1d 100644
--- a/2020/6xxx/CVE-2020-6850.json
+++ b/2020/6xxx/CVE-2020-6850.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6850",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6850",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/#developers"
+ },
+ {
+ "url": "https://zeroauth.ltd/blog/",
+ "refsource": "MISC",
+ "name": "https://zeroauth.ltd/blog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://zeroauth.ltd/blog/2020/01/28/cve-2020-6850-miniorange-saml-wp-plugin-before-4-8-84-is-vulnerable-to-xss-via-a-specially-crafted-saml-xml-response/",
+ "url": "https://zeroauth.ltd/blog/2020/01/28/cve-2020-6850-miniorange-saml-wp-plugin-before-4-8-84-is-vulnerable-to-xss-via-a-specially-crafted-saml-xml-response/"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9038.json b/2020/9xxx/CVE-2020-9038.json
new file mode 100644
index 00000000000..d8256e8ecb0
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9038.json
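Review bot: The second `reference_data` entry added to CVE-2020-6850.json, `https://zeroauth.ltd/blog/`, is a blog index rather than a page about this issue, and the third entry already links the specific post. An index page changes as new posts are published, so it gives a reader nothing stable to check the record against; I would drop it and keep the post and the plugin page. The third entry also orders its keys `refsource`, `name`, `url` where the other two use `url`, `refsource`, `name`, which is harmless to parsers but makes later diffs noisier.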
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9038",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Joplin through 1.0.184 allows Arbitrary File Read via XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc",
+ "refsource": "MISC",
+ "name": "https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc"
+ },
+ {
+ "url": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20",
+ "refsource": "MISC",
+ "name": "https://github.com/laurent22/joplin/compare/clipper-1.0.19...clipper-1.0.20"
+ }
+ ]
+ }
+}
\ No newline at end of file
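Review bot: The new CVE-2020-9038 record gives the affected range as "through 1.0.184" but neither the description nor the references say which release carries the fix. The two links are a commit and a `clipper-1.0.19...clipper-1.0.20` compare, whose version numbers appear to follow a different scheme from 1.0.184. Someone triaging from this record cannot tell what to upgrade to, or which input carries the XSS, without reading the commit. A release-notes or advisory entry in `reference_data`, or the fixed version stated in the `description` value once known, would close that gap.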