From 7fdd3c920a2c48fb039fe3408305d7af10c7076b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Apr 2020 19:04:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11999.json | 50 ++++++++++++++++++++++-- 2019/19xxx/CVE-2019-19394.json | 56 ++++++++++++++++++++++++--- 2019/1xxx/CVE-2019-1547.json | 5 --- 2019/20xxx/CVE-2019-20724.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20725.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20726.json | 70 +++++++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10611.json | 5 +++ 2020/10xxx/CVE-2020-10613.json | 5 +++ 2020/10xxx/CVE-2020-10615.json | 5 +++ 2020/10xxx/CVE-2020-10707.json | 4 +- 2020/11xxx/CVE-2020-11007.json | 2 +- 2020/11xxx/CVE-2020-11811.json | 56 ++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11812.json | 61 ++++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11813.json | 56 ++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11814.json | 56 ++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11816.json | 56 ++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11823.json | 56 ++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11825.json | 56 ++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11826.json | 56 ++++++++++++++++++++++++--- 2020/1xxx/CVE-2020-1879.json | 5 +++ 2020/1xxx/CVE-2020-1938.json | 5 +++ 2020/2xxx/CVE-2020-2177.json | 8 +++- 2020/2xxx/CVE-2020-2178.json | 8 +++- 2020/2xxx/CVE-2020-2179.json | 8 +++- 2020/2xxx/CVE-2020-2180.json | 8 +++- 2020/2xxx/CVE-2020-2748.json | 5 +++ 2020/2xxx/CVE-2020-2758.json | 5 +++ 2020/2xxx/CVE-2020-2882.json | 5 +++ 2020/2xxx/CVE-2020-2883.json | 5 +++ 2020/2xxx/CVE-2020-2902.json | 5 +++ 2020/2xxx/CVE-2020-2907.json | 5 --- 2020/2xxx/CVE-2020-2908.json | 5 +++ 2020/2xxx/CVE-2020-2929.json | 5 +++ 2020/2xxx/CVE-2020-2950.json | 5 +++ 2020/3xxx/CVE-2020-3239.json | 5 +++ 2020/3xxx/CVE-2020-3240.json | 5 +++ 2020/3xxx/CVE-2020-3243.json | 5 +++ 2020/3xxx/CVE-2020-3247.json | 5 +++ 2020/3xxx/CVE-2020-3248.json | 5 +++ 2020/3xxx/CVE-2020-3249.json | 5 +++ 2020/3xxx/CVE-2020-3250.json | 5 +++ 2020/5xxx/CVE-2020-5260.json | 5 +++ 42 files changed, 830 insertions(+), 92 deletions(-) diff --git a/2019/11xxx/CVE-2019-11999.json b/2019/11xxx/CVE-2019-11999.json index 17a9f665cbe..9edf87bfc76 100644 --- a/2019/11xxx/CVE-2019-11999.json +++ b/2019/11xxx/CVE-2019-11999.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE OC Media Platform (OCMP)", + "version": { + "version_data": [ + { + "version_value": "OCMP 4.4.8 RP 805,OCMP 4.5.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary file download; remote cross-site scripting (xss)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03984en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03984en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates." } ] } diff --git a/2019/19xxx/CVE-2019-19394.json b/2019/19xxx/CVE-2019-19394.json index d58f4a5164e..1973430dcb2 100644 --- a/2019/19xxx/CVE-2019-19394.json +++ b/2019/19xxx/CVE-2019-19394.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19394", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19394", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability/", + "url": "https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability/" } ] } diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json index 669594d8255..38b7145b6e6 100644 --- a/2019/1xxx/CVE-2019-1547.json +++ b/2019/1xxx/CVE-2019-1547.json @@ -207,11 +207,6 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20200416-0003/", - "url": "https://security.netapp.com/advisory/ntap-20200416-0003/" } ] } diff --git a/2019/20xxx/CVE-2019-20724.json b/2019/20xxx/CVE-2019-20724.json index 4e76e2425e0..85737b1aa76 100644 --- a/2019/20xxx/CVE-2019-20724.json +++ b/2019/20xxx/CVE-2019-20724.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20724", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20724", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144", + "url": "https://kb.netgear.com/000061204/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0144" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20725.json b/2019/20xxx/CVE-2019-20725.json index f65ffcf4507..a728321bc9d 100644 --- a/2019/20xxx/CVE-2019-20725.json +++ b/2019/20xxx/CVE-2019-20725.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20725", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20725", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143", + "url": "https://kb.netgear.com/000061203/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0143" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20726.json b/2019/20xxx/CVE-2019-20726.json index efa09c3403a..ad3b2434033 100644 --- a/2019/20xxx/CVE-2019-20726.json +++ b/2019/20xxx/CVE-2019-20726.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20726", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20726", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141", + "url": "https://kb.netgear.com/000061202/Security-Advisory-for-Post-Authentication-Command-on-Some-Routers-and-Gateways-PSV-2018-0141" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10611.json b/2020/10xxx/CVE-2020-10611.json index 3246dbc3c4b..2248c66b5ba 100644 --- a/2020/10xxx/CVE-2020-10611.json +++ b/2020/10xxx/CVE-2020-10611.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-549/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-549/" } ] }, diff --git a/2020/10xxx/CVE-2020-10613.json b/2020/10xxx/CVE-2020-10613.json index 1930d90f882..2c5c3fd99f1 100644 --- a/2020/10xxx/CVE-2020-10613.json +++ b/2020/10xxx/CVE-2020-10613.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-548/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-548/" } ] }, diff --git a/2020/10xxx/CVE-2020-10615.json b/2020/10xxx/CVE-2020-10615.json index b9d85b2996a..c88436edee7 100644 --- a/2020/10xxx/CVE-2020-10615.json +++ b/2020/10xxx/CVE-2020-10615.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-547/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-547/" } ] }, diff --git a/2020/10xxx/CVE-2020-10707.json b/2020/10xxx/CVE-2020-10707.json index e967239b030..94868f08be7 100644 --- a/2020/10xxx/CVE-2020-10707.json +++ b/2020/10xxx/CVE-2020-10707.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-10707", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11612. Reason: This candidate is a reservation duplicate of CVE-2020-11612. Notes: All CVE users should reference CVE-2020-11612 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2020/11xxx/CVE-2020-11007.json b/2020/11xxx/CVE-2020-11007.json index 6a6e1227607..3f4f7ebc2f1 100644 --- a/2020/11xxx/CVE-2020-11007.json +++ b/2020/11xxx/CVE-2020-11007.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated\nhence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total\nin the shopping cart.\n\nThis has been patched in version 2.11.0." + "value": "In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0." } ] }, diff --git a/2020/11xxx/CVE-2020-11811.json b/2020/11xxx/CVE-2020-11811.json index 05374678f19..3b7c4cf82ef 100644 --- a/2020/11xxx/CVE-2020-11811.json +++ b/2020/11xxx/CVE-2020-11811.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11811", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11811", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/01/qdpm-web-based-project-management.html", + "url": "https://fatihhcelik.blogspot.com/2020/01/qdpm-web-based-project-management.html" } ] } diff --git a/2020/11xxx/CVE-2020-11812.json b/2020/11xxx/CVE-2020-11812.json index 9ea18a58d6c..8b0ca6ed26a 100644 --- a/2020/11xxx/CVE-2020-11812.json +++ b/2020/11xxx/CVE-2020-11812.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11812", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11812", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-filters0value.html", + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-filters0value.html" + }, + { + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-filters1value.html", + "url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-filters1value.html" } ] } diff --git a/2020/11xxx/CVE-2020-11813.json b/2020/11xxx/CVE-2020-11813.json index f901e119ab1..04cee0f08a1 100644 --- a/2020/11xxx/CVE-2020-11813.json +++ b/2020/11xxx/CVE-2020-11813.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11813", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11813", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-stored-xss.html", + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-stored-xss.html" } ] } diff --git a/2020/11xxx/CVE-2020-11814.json b/2020/11xxx/CVE-2020-11814.json index 328720d7712..fd04b02459a 100644 --- a/2020/11xxx/CVE-2020-11814.json +++ b/2020/11xxx/CVE-2020-11814.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11814", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11814", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fatihhcelik.blogspot.com/2020/01/qdpm-web-based-project-management_11.html", + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/01/qdpm-web-based-project-management_11.html" } ] } diff --git a/2020/11xxx/CVE-2020-11816.json b/2020/11xxx/CVE-2020-11816.json index 4e3588c66d3..cd005661ed6 100644 --- a/2020/11xxx/CVE-2020-11816.json +++ b/2020/11xxx/CVE-2020-11816.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11816", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11816", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-reportsid-post.html", + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-reportsid-post.html" } ] } diff --git a/2020/11xxx/CVE-2020-11823.json b/2020/11xxx/CVE-2020-11823.json index 260353a3c02..f45a0015244 100644 --- a/2020/11xxx/CVE-2020-11823.json +++ b/2020/11xxx/CVE-2020-11823.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11823", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11823", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html", + "url": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html" } ] } diff --git a/2020/11xxx/CVE-2020-11825.json b/2020/11xxx/CVE-2020-11825.json index 56eca745a99..b97cbbfce49 100644 --- a/2020/11xxx/CVE-2020-11825.json +++ b/2020/11xxx/CVE-2020-11825.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11825", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11825", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html", + "url": "https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html" } ] } diff --git a/2020/11xxx/CVE-2020-11826.json b/2020/11xxx/CVE-2020-11826.json index b17286503e8..82ace3bec72 100644 --- a/2020/11xxx/CVE-2020-11826.json +++ b/2020/11xxx/CVE-2020-11826.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11826", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11826", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fatihhcelik.blogspot.com/2020/02/memono-insecure-data-storage-ios.html", + "refsource": "MISC", + "name": "https://fatihhcelik.blogspot.com/2020/02/memono-insecure-data-storage-ios.html" } ] } diff --git a/2020/1xxx/CVE-2020-1879.json b/2020/1xxx/CVE-2020-1879.json index 3e99996c4a9..8c6e87c0c05 100644 --- a/2020/1xxx/CVE-2020-1879.json +++ b/2020/1xxx/CVE-2020-1879.json @@ -63,6 +63,11 @@ "refsource": "MISC", "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-integrity-en", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-integrity-en" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en" } ] }, diff --git a/2020/1xxx/CVE-2020-1938.json b/2020/1xxx/CVE-2020-1938.json index 57a29bc5560..24f612b9118 100644 --- a/2020/1xxx/CVE-2020-1938.json +++ b/2020/1xxx/CVE-2020-1938.json @@ -219,6 +219,11 @@ "refsource": "MLIST", "name": "[tomcat-users] 20200413 RE: Alternatives for AJP", "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739" } ] }, diff --git a/2020/2xxx/CVE-2020-2177.json b/2020/2xxx/CVE-2020-2177.json index f119a746612..a0d90a12402 100644 --- a/2020/2xxx/CVE-2020-2177.json +++ b/2020/2xxx/CVE-2020-2177.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2177", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -56,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1556", "url": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1556", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200416 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/04/16/4" } ] } diff --git a/2020/2xxx/CVE-2020-2178.json b/2020/2xxx/CVE-2020-2178.json index 5f41c1736fd..1f31e50d436 100644 --- a/2020/2xxx/CVE-2020-2178.json +++ b/2020/2xxx/CVE-2020-2178.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2178", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -56,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1753", "url": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1753", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200416 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/04/16/4" } ] } diff --git a/2020/2xxx/CVE-2020-2179.json b/2020/2xxx/CVE-2020-2179.json index 83b191b8d5a..fe6b6aaad12 100644 --- a/2020/2xxx/CVE-2020-2179.json +++ b/2020/2xxx/CVE-2020-2179.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2179", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -56,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1825", "url": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1825", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200416 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/04/16/4" } ] } diff --git a/2020/2xxx/CVE-2020-2180.json b/2020/2xxx/CVE-2020-2180.json index 7dd026e5e71..d5d2a16293d 100644 --- a/2020/2xxx/CVE-2020-2180.json +++ b/2020/2xxx/CVE-2020-2180.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2020-2180", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -56,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1736", "url": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1736", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200416 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/04/16/4" } ] } diff --git a/2020/2xxx/CVE-2020-2748.json b/2020/2xxx/CVE-2020-2748.json index 3a6cad3e73b..370659e8aa3 100644 --- a/2020/2xxx/CVE-2020-2748.json +++ b/2020/2xxx/CVE-2020-2748.json @@ -72,6 +72,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-506/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-506/" } ] } diff --git a/2020/2xxx/CVE-2020-2758.json b/2020/2xxx/CVE-2020-2758.json index 38245ec4c66..6bcae9e9ac6 100644 --- a/2020/2xxx/CVE-2020-2758.json +++ b/2020/2xxx/CVE-2020-2758.json @@ -72,6 +72,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-507/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-507/" } ] } diff --git a/2020/2xxx/CVE-2020-2882.json b/2020/2xxx/CVE-2020-2882.json index 93ab872c2d6..b2dc57305ab 100644 --- a/2020/2xxx/CVE-2020-2882.json +++ b/2020/2xxx/CVE-2020-2882.json @@ -68,6 +68,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-502/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-502/" } ] } diff --git a/2020/2xxx/CVE-2020-2883.json b/2020/2xxx/CVE-2020-2883.json index d5a4eb8dd51..09583ab4b01 100644 --- a/2020/2xxx/CVE-2020-2883.json +++ b/2020/2xxx/CVE-2020-2883.json @@ -76,6 +76,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-504/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-504/" } ] } diff --git a/2020/2xxx/CVE-2020-2902.json b/2020/2xxx/CVE-2020-2902.json index 2870a430469..797ebc46071 100644 --- a/2020/2xxx/CVE-2020-2902.json +++ b/2020/2xxx/CVE-2020-2902.json @@ -72,6 +72,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-497/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-497/" } ] } diff --git a/2020/2xxx/CVE-2020-2907.json b/2020/2xxx/CVE-2020-2907.json index b2c8fc57307..34467e2104f 100644 --- a/2020/2xxx/CVE-2020-2907.json +++ b/2020/2xxx/CVE-2020-2907.json @@ -77,11 +77,6 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-509/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-509/" - }, - { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-510/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-510/" } ] } diff --git a/2020/2xxx/CVE-2020-2908.json b/2020/2xxx/CVE-2020-2908.json index 592e22e0e14..0937087b696 100644 --- a/2020/2xxx/CVE-2020-2908.json +++ b/2020/2xxx/CVE-2020-2908.json @@ -72,6 +72,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-501/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-501/" } ] } diff --git a/2020/2xxx/CVE-2020-2929.json b/2020/2xxx/CVE-2020-2929.json index 6242d88a9b6..0879c08ccf7 100644 --- a/2020/2xxx/CVE-2020-2929.json +++ b/2020/2xxx/CVE-2020-2929.json @@ -72,6 +72,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-508/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-508/" } ] } diff --git a/2020/2xxx/CVE-2020-2950.json b/2020/2xxx/CVE-2020-2950.json index 29993d597b6..76de6f99480 100644 --- a/2020/2xxx/CVE-2020-2950.json +++ b/2020/2xxx/CVE-2020-2950.json @@ -76,6 +76,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-505/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-505/" } ] } diff --git a/2020/3xxx/CVE-2020-3239.json b/2020/3xxx/CVE-2020-3239.json index d9dd3d20c8d..0f8b62c182f 100644 --- a/2020/3xxx/CVE-2020-3239.json +++ b/2020/3xxx/CVE-2020-3239.json @@ -71,6 +71,11 @@ "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-539/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-539/" } ] }, diff --git a/2020/3xxx/CVE-2020-3240.json b/2020/3xxx/CVE-2020-3240.json index 82aa539ae94..d9f550988f3 100644 --- a/2020/3xxx/CVE-2020-3240.json +++ b/2020/3xxx/CVE-2020-3240.json @@ -71,6 +71,11 @@ "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-542/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-542/" } ] }, diff --git a/2020/3xxx/CVE-2020-3243.json b/2020/3xxx/CVE-2020-3243.json index d751b7fa258..dda4853310f 100644 --- a/2020/3xxx/CVE-2020-3243.json +++ b/2020/3xxx/CVE-2020-3243.json @@ -71,6 +71,11 @@ "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-540/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-540/" } ] }, diff --git a/2020/3xxx/CVE-2020-3247.json b/2020/3xxx/CVE-2020-3247.json index a4834f5300e..fb89e6f97b7 100644 --- a/2020/3xxx/CVE-2020-3247.json +++ b/2020/3xxx/CVE-2020-3247.json @@ -71,6 +71,11 @@ "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-541/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-541/" } ] }, diff --git a/2020/3xxx/CVE-2020-3248.json b/2020/3xxx/CVE-2020-3248.json index 1a559699899..cd511e7b0c0 100644 --- a/2020/3xxx/CVE-2020-3248.json +++ b/2020/3xxx/CVE-2020-3248.json @@ -71,6 +71,11 @@ "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-543/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-543/" } ] }, diff --git a/2020/3xxx/CVE-2020-3249.json b/2020/3xxx/CVE-2020-3249.json index 77f1f77b6ba..3515bd7151b 100644 --- a/2020/3xxx/CVE-2020-3249.json +++ b/2020/3xxx/CVE-2020-3249.json @@ -71,6 +71,11 @@ "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/" } ] }, diff --git a/2020/3xxx/CVE-2020-3250.json b/2020/3xxx/CVE-2020-3250.json index 23d048a0684..e29105bd882 100644 --- a/2020/3xxx/CVE-2020-3250.json +++ b/2020/3xxx/CVE-2020-3250.json @@ -71,6 +71,11 @@ "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-538/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-538/" } ] }, diff --git a/2020/5xxx/CVE-2020-5260.json b/2020/5xxx/CVE-2020-5260.json index 14f93a1687c..2f997d54b61 100644 --- a/2020/5xxx/CVE-2020-5260.json +++ b/2020/5xxx/CVE-2020-5260.json @@ -135,6 +135,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200415 Re: CVE-2020-5260: Git: malicious URLs may cause Git to present stored credentials to the wrong server", "url": "http://www.openwall.com/lists/oss-security/2020/04/15/6" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0524", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html" } ] },