diff --git a/2001/0xxx/CVE-2001-0917.json b/2001/0xxx/CVE-2001-0917.json
index 8b6b35a4082..a476d3ef45c 100644
--- a/2001/0xxx/CVE-2001-0917.json
+++ b/2001/0xxx/CVE-2001-0917.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/0xxx/CVE-2002-0493.json b/2002/0xxx/CVE-2002-0493.json
index 92e7629370b..14eeeefb196 100644
--- a/2002/0xxx/CVE-2002-0493.json
+++ b/2002/0xxx/CVE-2002-0493.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/0xxx/CVE-2002-0682.json b/2002/0xxx/CVE-2002-0682.json
index 12ab4cf19f4..6b58e474d89 100644
--- a/2002/0xxx/CVE-2002-0682.json
+++ b/2002/0xxx/CVE-2002-0682.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/0xxx/CVE-2002-0935.json b/2002/0xxx/CVE-2002-0935.json
index 57308feabea..83a1e463fde 100644
--- a/2002/0xxx/CVE-2002-0935.json
+++ b/2002/0xxx/CVE-2002-0935.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/0xxx/CVE-2002-0936.json b/2002/0xxx/CVE-2002-0936.json
index 73582eba263..556f6379f0f 100644
--- a/2002/0xxx/CVE-2002-0936.json
+++ b/2002/0xxx/CVE-2002-0936.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/1xxx/CVE-2002-1148.json b/2002/1xxx/CVE-2002-1148.json
index a2b2f581a7e..f44c41e8406 100644
--- a/2002/1xxx/CVE-2002-1148.json
+++ b/2002/1xxx/CVE-2002-1148.json
@@ -96,6 +96,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/1xxx/CVE-2002-1394.json b/2002/1xxx/CVE-2002-1394.json
index 005da01ebcc..e00bf88ac50 100644
--- a/2002/1xxx/CVE-2002-1394.json
+++ b/2002/1xxx/CVE-2002-1394.json
@@ -101,6 +101,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/1xxx/CVE-2002-1567.json b/2002/1xxx/CVE-2002-1567.json
index 3a294017263..1c61d66dfb4 100644
--- a/2002/1xxx/CVE-2002-1567.json
+++ b/2002/1xxx/CVE-2002-1567.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/1xxx/CVE-2002-1895.json b/2002/1xxx/CVE-2002-1895.json
index fc7e96ff15c..8172a13836a 100644
--- a/2002/1xxx/CVE-2002-1895.json
+++ b/2002/1xxx/CVE-2002-1895.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/2xxx/CVE-2002-2006.json b/2002/2xxx/CVE-2002-2006.json
index 189c4c3ad84..58b8195a276 100644
--- a/2002/2xxx/CVE-2002-2006.json
+++ b/2002/2xxx/CVE-2002-2006.json
@@ -101,6 +101,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/2xxx/CVE-2002-2008.json b/2002/2xxx/CVE-2002-2008.json
index e6728159f3c..f25d5ae099a 100644
--- a/2002/2xxx/CVE-2002-2008.json
+++ b/2002/2xxx/CVE-2002-2008.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2002/2xxx/CVE-2002-2009.json b/2002/2xxx/CVE-2002-2009.json
index 50bae1af358..ba8bb29bf5c 100644
--- a/2002/2xxx/CVE-2002-2009.json
+++ b/2002/2xxx/CVE-2002-2009.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2003/0xxx/CVE-2003-0866.json b/2003/0xxx/CVE-2003-0866.json
index 108f859c54d..f2813396aa1 100644
--- a/2003/0xxx/CVE-2003-0866.json
+++ b/2003/0xxx/CVE-2003-0866.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2005/2xxx/CVE-2005-2090.json b/2005/2xxx/CVE-2005-2090.json
index 0ae8872e709..e47ba14971e 100644
--- a/2005/2xxx/CVE-2005-2090.json
+++ b/2005/2xxx/CVE-2005-2090.json
@@ -291,6 +291,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2005/3xxx/CVE-2005-3164.json b/2005/3xxx/CVE-2005-3164.json
index aca17ee56bf..90c96521485 100644
--- a/2005/3xxx/CVE-2005-3164.json
+++ b/2005/3xxx/CVE-2005-3164.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2005/3xxx/CVE-2005-3510.json b/2005/3xxx/CVE-2005-3510.json
index 052520b2a2a..fef520a47e5 100644
--- a/2005/3xxx/CVE-2005-3510.json
+++ b/2005/3xxx/CVE-2005-3510.json
@@ -156,6 +156,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2005/4xxx/CVE-2005-4703.json b/2005/4xxx/CVE-2005-4703.json
index 1a095add583..bc60a0fe605 100644
--- a/2005/4xxx/CVE-2005-4703.json
+++ b/2005/4xxx/CVE-2005-4703.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2005/4xxx/CVE-2005-4836.json b/2005/4xxx/CVE-2005-4836.json
index 99c0a9d235c..7d157e39e4f 100644
--- a/2005/4xxx/CVE-2005-4836.json
+++ b/2005/4xxx/CVE-2005-4836.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2005/4xxx/CVE-2005-4838.json b/2005/4xxx/CVE-2005-4838.json
index 9a356a69d27..7961f487fe6 100644
--- a/2005/4xxx/CVE-2005-4838.json
+++ b/2005/4xxx/CVE-2005-4838.json
@@ -136,6 +136,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2006/3xxx/CVE-2006-3835.json b/2006/3xxx/CVE-2006-3835.json
index 0cfb7e146b0..821af503a78 100644
--- a/2006/3xxx/CVE-2006-3835.json
+++ b/2006/3xxx/CVE-2006-3835.json
@@ -196,6 +196,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2006/7xxx/CVE-2006-7196.json b/2006/7xxx/CVE-2006-7196.json
index 0060aa31208..6c5c71d0318 100644
--- a/2006/7xxx/CVE-2006-7196.json
+++ b/2006/7xxx/CVE-2006-7196.json
@@ -146,6 +146,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2006/7xxx/CVE-2006-7197.json b/2006/7xxx/CVE-2006-7197.json
index ee989200c3f..078d4b0a868 100644
--- a/2006/7xxx/CVE-2006-7197.json
+++ b/2006/7xxx/CVE-2006-7197.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/0xxx/CVE-2007-0450.json b/2007/0xxx/CVE-2007-0450.json
index df1c8fa931b..c3d73805e38 100644
--- a/2007/0xxx/CVE-2007-0450.json
+++ b/2007/0xxx/CVE-2007-0450.json
@@ -326,6 +326,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/0xxx/CVE-2007-0774.json b/2007/0xxx/CVE-2007-0774.json
index 34a28bef256..a5cd3555113 100644
--- a/2007/0xxx/CVE-2007-0774.json
+++ b/2007/0xxx/CVE-2007-0774.json
@@ -176,6 +176,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/1xxx/CVE-2007-1355.json b/2007/1xxx/CVE-2007-1355.json
index 63d9ac92a21..7a034e91ee9 100644
--- a/2007/1xxx/CVE-2007-1355.json
+++ b/2007/1xxx/CVE-2007-1355.json
@@ -221,6 +221,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/1xxx/CVE-2007-1358.json b/2007/1xxx/CVE-2007-1358.json
index d5145328936..70fdcda768f 100644
--- a/2007/1xxx/CVE-2007-1358.json
+++ b/2007/1xxx/CVE-2007-1358.json
@@ -241,6 +241,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/1xxx/CVE-2007-1858.json b/2007/1xxx/CVE-2007-1858.json
index f9ee81459df..27e98f4a090 100644
--- a/2007/1xxx/CVE-2007-1858.json
+++ b/2007/1xxx/CVE-2007-1858.json
@@ -161,6 +161,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/1xxx/CVE-2007-1860.json b/2007/1xxx/CVE-2007-1860.json
index c7df9dc4eb4..e5475e0586e 100644
--- a/2007/1xxx/CVE-2007-1860.json
+++ b/2007/1xxx/CVE-2007-1860.json
@@ -216,6 +216,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/2xxx/CVE-2007-2449.json b/2007/2xxx/CVE-2007-2449.json
index 3f5ed681868..4ed21c28e84 100644
--- a/2007/2xxx/CVE-2007-2449.json
+++ b/2007/2xxx/CVE-2007-2449.json
@@ -251,6 +251,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/2xxx/CVE-2007-2450.json b/2007/2xxx/CVE-2007-2450.json
index 62035da8bf7..c7e7fbc99cb 100644
--- a/2007/2xxx/CVE-2007-2450.json
+++ b/2007/2xxx/CVE-2007-2450.json
@@ -261,6 +261,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/3xxx/CVE-2007-3382.json b/2007/3xxx/CVE-2007-3382.json
index 26b6e409dda..2356ae9fbc4 100644
--- a/2007/3xxx/CVE-2007-3382.json
+++ b/2007/3xxx/CVE-2007-3382.json
@@ -286,6 +286,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/3xxx/CVE-2007-3383.json b/2007/3xxx/CVE-2007-3383.json
index 8e1d424fcd2..4ab6ce988ec 100644
--- a/2007/3xxx/CVE-2007-3383.json
+++ b/2007/3xxx/CVE-2007-3383.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/3xxx/CVE-2007-3385.json b/2007/3xxx/CVE-2007-3385.json
index 05bb477b6d5..326adebd4dd 100644
--- a/2007/3xxx/CVE-2007-3385.json
+++ b/2007/3xxx/CVE-2007-3385.json
@@ -306,6 +306,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/4xxx/CVE-2007-4774.json b/2007/4xxx/CVE-2007-4774.json
index 92b4a46f28b..ec7795d4fe6 100644
--- a/2007/4xxx/CVE-2007-4774.json
+++ b/2007/4xxx/CVE-2007-4774.json
@@ -61,6 +61,11 @@
 "url": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60",
 "refsource": "MISC",
 "name": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200204-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
 }
 ]
 }
diff --git a/2007/5xxx/CVE-2007-5333.json b/2007/5xxx/CVE-2007-5333.json
index e8712470d56..5d45f27b040 100644
--- a/2007/5xxx/CVE-2007-5333.json
+++ b/2007/5xxx/CVE-2007-5333.json
@@ -316,6 +316,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/5xxx/CVE-2007-5342.json b/2007/5xxx/CVE-2007-5342.json
index 8d22d2db283..8496a392332 100644
--- a/2007/5xxx/CVE-2007-5342.json
+++ b/2007/5xxx/CVE-2007-5342.json
@@ -296,6 +296,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2007/5xxx/CVE-2007-5461.json b/2007/5xxx/CVE-2007-5461.json
index 65f2ccfd8d5..63c78841f70 100644
--- a/2007/5xxx/CVE-2007-5461.json
+++ b/2007/5xxx/CVE-2007-5461.json
@@ -401,6 +401,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/0xxx/CVE-2008-0128.json b/2008/0xxx/CVE-2008-0128.json
index 21ab8dc9451..24638f6f737 100644
--- a/2008/0xxx/CVE-2008-0128.json
+++ b/2008/0xxx/CVE-2008-0128.json
@@ -156,6 +156,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/1xxx/CVE-2008-1232.json b/2008/1xxx/CVE-2008-1232.json
index d6e5c5a229c..34b20f778ae 100644
--- a/2008/1xxx/CVE-2008-1232.json
+++ b/2008/1xxx/CVE-2008-1232.json
@@ -366,6 +366,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/1xxx/CVE-2008-1947.json b/2008/1xxx/CVE-2008-1947.json
index 1092dc1089f..be916456b16 100644
--- a/2008/1xxx/CVE-2008-1947.json
+++ b/2008/1xxx/CVE-2008-1947.json
@@ -311,6 +311,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/2xxx/CVE-2008-2370.json b/2008/2xxx/CVE-2008-2370.json
index 509461c78d6..2ab2519e673 100644
--- a/2008/2xxx/CVE-2008-2370.json
+++ b/2008/2xxx/CVE-2008-2370.json
@@ -346,6 +346,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/2xxx/CVE-2008-2938.json b/2008/2xxx/CVE-2008-2938.json
index 76623facc46..12164224a37 100644
--- a/2008/2xxx/CVE-2008-2938.json
+++ b/2008/2xxx/CVE-2008-2938.json
@@ -266,6 +266,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/3xxx/CVE-2008-3271.json b/2008/3xxx/CVE-2008-3271.json
index 654e276090e..18d7c73fe0b 100644
--- a/2008/3xxx/CVE-2008-3271.json
+++ b/2008/3xxx/CVE-2008-3271.json
@@ -161,6 +161,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/3xxx/CVE-2008-3793.json b/2008/3xxx/CVE-2008-3793.json
index 5abfebd631e..e7c47a5dac3 100644
--- a/2008/3xxx/CVE-2008-3793.json
+++ b/2008/3xxx/CVE-2008-3793.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2008-3793",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2008-3793",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3792. Reason: This candidate is a duplicate of CVE-2008-3792. Notes: All CVE users should reference CVE-2008-3792 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2008/4xxx/CVE-2008-4308.json b/2008/4xxx/CVE-2008-4308.json
index 9bca6c40678..42d0152ed88 100644
--- a/2008/4xxx/CVE-2008-4308.json
+++ b/2008/4xxx/CVE-2008-4308.json
@@ -96,6 +96,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
 "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/5xxx/CVE-2008-5515.json b/2008/5xxx/CVE-2008-5515.json
index c7abc1ce161..c5daf0530b5 100644
--- a/2008/5xxx/CVE-2008-5515.json
+++ b/2008/5xxx/CVE-2008-5515.json
@@ -291,6 +291,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2008/5xxx/CVE-2008-5519.json b/2008/5xxx/CVE-2008-5519.json
index ebf05ef21da..091b2cce2a4 100644
--- a/2008/5xxx/CVE-2008-5519.json
+++ b/2008/5xxx/CVE-2008-5519.json
@@ -176,6 +176,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/0xxx/CVE-2009-0033.json b/2009/0xxx/CVE-2009-0033.json
index 776d030ca04..820324c6ea1 100644
--- a/2009/0xxx/CVE-2009-0033.json
+++ b/2009/0xxx/CVE-2009-0033.json
@@ -296,6 +296,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/0xxx/CVE-2009-0580.json b/2009/0xxx/CVE-2009-0580.json
index 68474e7db4e..f6ec86d66f0 100644
--- a/2009/0xxx/CVE-2009-0580.json
+++ b/2009/0xxx/CVE-2009-0580.json
@@ -306,6 +306,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/0xxx/CVE-2009-0781.json b/2009/0xxx/CVE-2009-0781.json
index 93cf362f8af..30e0a88ff86 100644
--- a/2009/0xxx/CVE-2009-0781.json
+++ b/2009/0xxx/CVE-2009-0781.json
@@ -251,6 +251,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/0xxx/CVE-2009-0783.json b/2009/0xxx/CVE-2009-0783.json
index 56169d035f1..3877deb4aff 100644
--- a/2009/0xxx/CVE-2009-0783.json
+++ b/2009/0xxx/CVE-2009-0783.json
@@ -291,6 +291,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/2xxx/CVE-2009-2693.json b/2009/2xxx/CVE-2009-2693.json
index bc14e731fbb..a78d1f9753f 100644
--- a/2009/2xxx/CVE-2009-2693.json
+++ b/2009/2xxx/CVE-2009-2693.json
@@ -301,6 +301,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/2xxx/CVE-2009-2901.json b/2009/2xxx/CVE-2009-2901.json
index 381cd004245..4fe95ec82f8 100644
--- a/2009/2xxx/CVE-2009-2901.json
+++ b/2009/2xxx/CVE-2009-2901.json
@@ -226,6 +226,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/2xxx/CVE-2009-2902.json b/2009/2xxx/CVE-2009-2902.json
index c7cb717094f..cf6b756e326 100644
--- a/2009/2xxx/CVE-2009-2902.json
+++ b/2009/2xxx/CVE-2009-2902.json
@@ -301,6 +301,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/3xxx/CVE-2009-3548.json b/2009/3xxx/CVE-2009-3548.json
index 59019a7ab34..bcee6b9fa63 100644
--- a/2009/3xxx/CVE-2009-3548.json
+++ b/2009/3xxx/CVE-2009-3548.json
@@ -196,6 +196,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/3xxx/CVE-2009-3555.json b/2009/3xxx/CVE-2009-3555.json
index 2cfc8ea7c71..425f1c1709e 100644
--- a/2009/3xxx/CVE-2009-3555.json
+++ b/2009/3xxx/CVE-2009-3555.json
@@ -1596,6 +1596,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2009/4xxx/CVE-2009-4067.json b/2009/4xxx/CVE-2009-4067.json
index 02022c062db..f0a4337f55c 100644
--- a/2009/4xxx/CVE-2009-4067.json
+++ b/2009/4xxx/CVE-2009-4067.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2009-4067",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_linux-usb-buffer-overflow_2009-10-29.pdf",
+ "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_linux-usb-buffer-overflow_2009-10-29.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722393",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722393"
 }
 ]
 }
diff --git a/2009/5xxx/CVE-2009-5139.json b/2009/5xxx/CVE-2009-5139.json
index edae6bc35be..051548255c2 100644
--- a/2009/5xxx/CVE-2009-5139.json
+++ b/2009/5xxx/CVE-2009-5139.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2009-5139",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
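Review bot: The `affects` block added for CVE-2009-4067 sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the new description names the Auerswald USB driver in the Linux kernel before 2.6.27. Tooling that matches on the structured fields rather than the free text will not tie this record to any product. I would carry the description's data over, for example `"product_name": "Linux kernel"` and `"version_value": "before 2.6.27"`. The same `n/a` blocks appear in the CVE-2009-5139 and CVE-2009-5140 hunks that follow (Gizmo5, Linksys SPA2102) and in CVE-2010-5304 (LibVNCServer before 0.9.9).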
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a \"SIP Digest Leak\" issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf",
+ "url": "https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://voipsa.org/pipermail/voipsec_voipsa.org/2009-April/002946.html",
+ "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2009-April/002946.html"
 }
 ]
 }
diff --git a/2009/5xxx/CVE-2009-5140.json b/2009/5xxx/CVE-2009-5140.json
index 1a429fcc517..178af4a7c6e 100644
--- a/2009/5xxx/CVE-2009-5140.json
+++ b/2009/5xxx/CVE-2009-5140.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2009-5140",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a \"SIP Digest Leak\" issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf",
+ "url": "https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://voipsa.org/pipermail/voipsec_voipsa.org/2009-April/002946.html",
+ "url": "http://voipsa.org/pipermail/voipsec_voipsa.org/2009-April/002946.html"
 }
 ]
 }
diff --git a/2010/1xxx/CVE-2010-1157.json b/2010/1xxx/CVE-2010-1157.json
index 4f6fed28846..46b66aee15a 100644
--- a/2010/1xxx/CVE-2010-1157.json
+++ b/2010/1xxx/CVE-2010-1157.json
@@ -221,6 +221,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2227.json b/2010/2xxx/CVE-2010-2227.json
index b781275ae82..87de29d93fb 100644
--- a/2010/2xxx/CVE-2010-2227.json
+++ b/2010/2xxx/CVE-2010-2227.json
@@ -296,6 +296,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3718.json b/2010/3xxx/CVE-2010-3718.json
index c89d8afde94..78b6dd3ac18 100644
--- a/2010/3xxx/CVE-2010-3718.json
+++ b/2010/3xxx/CVE-2010-3718.json
@@ -216,6 +216,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3798.json b/2010/3xxx/CVE-2010-3798.json
index 3644af4bce6..89ec8decb98 100644
--- a/2010/3xxx/CVE-2010-3798.json
+++ b/2010/3xxx/CVE-2010-3798.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-bbd24dd0cf",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-edf53cd770",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC/"
 }
 ]
 }
diff --git a/2010/3xxx/CVE-2010-3917.json b/2010/3xxx/CVE-2010-3917.json
index 650d6cfb583..f61586c40ec 100644
--- a/2010/3xxx/CVE-2010-3917.json
+++ b/2010/3xxx/CVE-2010-3917.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "vultures@jpcert.or.jp",
 "ID": "CVE-2010-3917",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://jvn.jp/en/jp/JVN36765384/index.html",
+ "url": "http://jvn.jp/en/jp/JVN36765384/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000056.html",
+ "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000056.html"
 }
 ]
 }
diff --git a/2010/4xxx/CVE-2010-4658.json b/2010/4xxx/CVE-2010-4658.json
index d4ed968eda0..452d82475c1 100644
--- a/2010/4xxx/CVE-2010-4658.json
+++ b/2010/4xxx/CVE-2010-4658.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-4658",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "statusnet",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2010"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "statusnet"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
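Review bot: `problemtype` is set to `"Other"` in the CVE-2010-3917 hunk even though the description states the impact, namely that remote attackers obtain sensitive information. A specific value such as `"value": "Information Disclosure"` would keep the record usable for weakness-based filtering and triage. CVE-2010-4658, CVE-2010-4815 and CVE-2011-0220 further down use `"Other"` in the same way, while their descriptions name syslog message spoofing, code execution and a crash.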
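Review bot: `"version_value": "through 2010"` in the CVE-2010-4658 `affects` block is a calendar year rather than a statusnet release, so it cannot be compared against an installed version. If the last affected release is known it should be recorded here; otherwise the description should say that the bound is a date, so that scanners do not produce false matches or misses. CVE-2011-0220 has the same pattern with `"before 2011"` for Bonjour. This hunk ends at `"data_type"`; the matching description text is in the next hunk.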
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-4658",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-4658"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/01/25/13",
+ "url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"
 }
 ]
 }
diff --git a/2010/4xxx/CVE-2010-4662.json b/2010/4xxx/CVE-2010-4662.json
index b83f120b7fa..fbc188ae99b 100644
--- a/2010/4xxx/CVE-2010-4662.json
+++ b/2010/4xxx/CVE-2010-4662.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-4662",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "pmwiki",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 2.2.21"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "pmwiki"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PmWiki before 2.2.21 has XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/02/23/23",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
 }
 ]
 }
diff --git a/2010/4xxx/CVE-2010-4815.json b/2010/4xxx/CVE-2010-4815.json
index 625926c6813..e6cde4448c1 100644
--- a/2010/4xxx/CVE-2010-4815.json
+++ b/2010/4xxx/CVE-2010-4815.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-4815",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "coppermine gallery",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.4.26"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "coppermine gallery"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/08/19/7",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/08/19/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2010/q1/121",
+ "url": "https://seclists.org/oss-sec/2010/q1/121"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://forum.coppermine-gallery.net/index.php/topic,63510.0.html",
+ "url": "https://forum.coppermine-gallery.net/index.php/topic,63510.0.html"
 }
 ]
 }
diff --git a/2010/5xxx/CVE-2010-5304.json b/2010/5xxx/CVE-2010-5304.json
index 52691b62dfd..5c44c090553 100644
--- a/2010/5xxx/CVE-2010-5304.json
+++ b/2010/5xxx/CVE-2010-5304.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2010-5304",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.html"
+ },
+ {
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139814.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139814.html"
+ },
+ {
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
+ },
+ {
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
+ },
+ {
+ "url": "http://seclists.org/oss-sec/2014/q3/639",
+ "refsource": "MISC",
+ "name": "http://seclists.org/oss-sec/2014/q3/639"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2014/09/23/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/09/23/6"
 }
 ]
 }
diff --git a/2011/0xxx/CVE-2011-0013.json b/2011/0xxx/CVE-2011-0013.json
index 6dd1f14ea02..7b6ce8c7242 100644
--- a/2011/0xxx/CVE-2011-0013.json
+++ b/2011/0xxx/CVE-2011-0013.json
@@ -221,6 +221,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2011/0xxx/CVE-2011-0220.json b/2011/0xxx/CVE-2011-0220.json
index 841563333de..4aedadd3692 100644
--- a/2011/0xxx/CVE-2011-0220.json
+++ b/2011/0xxx/CVE-2011-0220.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "product-security@apple.com",
 "ID": "CVE-2011-0220",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bonjour",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 2011"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apple"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt",
+ "refsource": "MISC",
+ "name": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt"
 }
 ]
 }
diff --git a/2011/0xxx/CVE-2011-0525.json b/2011/0xxx/CVE-2011-0525.json
index 2bb7e573120..889fc6ffd7f 100644
--- a/2011/0xxx/CVE-2011-0525.json
+++ b/2011/0xxx/CVE-2011-0525.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-0525",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Batavi",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Batavi"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Batavi before 1.0 has CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2011-0525",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2011-0525"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/01/27/3",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/01/27/3"
 }
 ]
 }
diff --git a/2011/1xxx/CVE-2011-1009.json b/2011/1xxx/CVE-2011-1009.json
index 8e372822822..4a2b858d8af 100644
--- a/2011/1xxx/CVE-2011-1009.json
+++ b/2011/1xxx/CVE-2011-1009.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-1009",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vanilla Forums",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.0.17.1 through 2.0.17.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Vanilla"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
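Review bot: The `problemtype` value in the CVE-2011-0525 hunk is `"Cross-Site Request Forgery "`, with a trailing space inside the string as rendered here. Consumers that group or filter on exact problem-type strings will treat it as a different category from the unpadded form. The line should read `"value": "Cross-Site Request Forgery"`.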
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/02/22/14", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/02/22/14" } ] } diff --git a/2011/1xxx/CVE-2011-1069.json b/2011/1xxx/CVE-2011-1069.json index 18b9bafa655..2b58740065d 100644 --- a/2011/1xxx/CVE-2011-1069.json +++ b/2011/1xxx/CVE-2011-1069.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1069", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHPShop", + "version": { + "version_data": [ + { + "version_value": "through 0.8.1" + } + ] + } + } + ] + }, + "vendor_name": "PHPShop" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPShop through 0.8.1 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/02/28/9", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/02/28/9" } ] } diff --git a/2011/1xxx/CVE-2011-1084.json b/2011/1xxx/CVE-2011-1084.json index eb021cef670..686e5819910 100644 --- a/2011/1xxx/CVE-2011-1084.json +++ b/2011/1xxx/CVE-2011-1084.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1084", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Smoothwall", + "product": { + "product_data": [ + { + "product_name": "Smoothwall Express", + "version": { + "version_data": [ + { + "version_value": "3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Smoothwall Express 3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/03/03/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/03/03/7" } ] } diff --git a/2011/1xxx/CVE-2011-1085.json b/2011/1xxx/CVE-2011-1085.json index b72cb9cac50..5427f7a120a 100644 --- a/2011/1xxx/CVE-2011-1085.json +++ b/2011/1xxx/CVE-2011-1085.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1085", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Smoothwall", + "product": { + "product_data": [ + { + "product_name": "Smoothwall Express", + "version": { + "version_data": [ + { + "version_value": "3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF vulnerability in Smoothwall Express 3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/03/03/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/03/03/7" } ] } diff --git a/2011/1xxx/CVE-2011-1086.json b/2011/1xxx/CVE-2011-1086.json index 238e522b384..7f1eb600dc2 100644 --- a/2011/1xxx/CVE-2011-1086.json +++ b/2011/1xxx/CVE-2011-1086.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1086", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Openfiler", + "product": { + "product_data": [ + { + "product_name": "Openfiler", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/03/03/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/03/03/7" + }, + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20111223190840/http://secunia.com/advisories/42507/", + "url": "https://web.archive.org/web/20111223190840/http://secunia.com/advisories/42507/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/35125", + "url": "https://www.exploit-db.com/exploits/35125" } ] } diff --git a/2011/1xxx/CVE-2011-1150.json b/2011/1xxx/CVE-2011-1150.json index e3748216a1b..e262d303fcd 100644 --- a/2011/1xxx/CVE-2011-1150.json +++ b/2011/1xxx/CVE-2011-1150.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1150", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bbPress", + "version": { + "version_data": [ + { + "version_value": "through 1.0.2" + } + ] + } + } + ] + }, + "vendor_name": "bbPress" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/03/14/20", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/03/14/20" } ] } diff --git a/2011/1xxx/CVE-2011-1151.json b/2011/1xxx/CVE-2011-1151.json index 3193407de89..7f72ffdd694 100644 --- a/2011/1xxx/CVE-2011-1151.json +++ b/2011/1xxx/CVE-2011-1151.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1151", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "1.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Joomla!" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/03/14/21", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/03/14/21" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html", + "url": "https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html" } ] } diff --git a/2011/1xxx/CVE-2011-1184.json b/2011/1xxx/CVE-2011-1184.json index f924d3d9fc1..1a82d3803f0 100644 --- a/2011/1xxx/CVE-2011-1184.json +++ b/2011/1xxx/CVE-2011-1184.json @@ -186,6 +186,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/1xxx/CVE-2011-1517.json b/2011/1xxx/CVE-2011-1517.json index 7b7bcf66aad..2282442dc2d 100644 --- a/2011/1xxx/CVE-2011-1517.json +++ b/2011/1xxx/CVE-2011-1517.json 
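Review bot: In the CVE-2011-1151 description the second parameter name `filer_order_Dir` looks like a misspelling of `filter_order_Dir`, given that the first parameter is `filter_order`. The description is what analysts and scanners search on, so a misspelled parameter name makes the record harder to match against WAF rules or request logs. Please confirm against the referenced oss-security post and, if it is a typo, change the line to `"value": "Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filter_order_Dir parameters."`.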
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1517", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/53424", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/53424" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75452", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75452" + }, + { + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0061.html", + "refsource": "MISC", + "name": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0061.html" } ] } diff --git a/2011/1xxx/CVE-2011-1596.json b/2011/1xxx/CVE-2011-1596.json index d921cd328ae..616bd1bdec2 100644 --- a/2011/1xxx/CVE-2011-1596.json +++ b/2011/1xxx/CVE-2011-1596.json 
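Review bot: The `affects` block added for CVE-2011-1517 is all `"n/a"`, although the description in the next hunk names the product and version (SAP NetWeaver 7.0). Tooling that matches inventory against `vendor_name`/`product_name`/`version_value` will never hit this record. I would fill the fields from the description: `"vendor_name": "SAP"`, `"product_name": "NetWeaver"`, `"version_value": "7.0"`. The CVE-2011-3642 record later in this commit has the same gap, with Flowplayer Flash 3.2.7 through 3.2.16 named only in the description. Separately, the description claims remote code execution but only describes a crash, and `problemtype` is `"n/a"`; that is worth reconciling with the references.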
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2011-1596", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-1596", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2011/1xxx/CVE-2011-1597.json b/2011/1xxx/CVE-2011-1597.json index cf6c64c508c..083eaf48ac7 100644 --- a/2011/1xxx/CVE-2011-1597.json +++ b/2011/1xxx/CVE-2011-1597.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1597", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Manager", + "version": { + "version_data": [ + { + "version_value": "v2.0.3" + } + ] + } + } + ] + }, + "vendor_name": "OpenVAS" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenVAS Manager v2.0.3 allows plugin remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/04/20/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/04/20/5" } ] } diff --git a/2011/2xxx/CVE-2011-2204.json b/2011/2xxx/CVE-2011-2204.json index 384261b360c..242a72f1adc 100644 --- a/2011/2xxx/CVE-2011-2204.json +++ b/2011/2xxx/CVE-2011-2204.json @@ -191,6 +191,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/2xxx/CVE-2011-2343.json b/2011/2xxx/CVE-2011-2343.json index 0477ede1f82..d53daf22aa2 100644 --- a/2011/2xxx/CVE-2011-2343.json +++ b/2011/2xxx/CVE-2011-2343.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2011-2343", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "access to sensitive information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://code.google.com/p/android/issues/detail?id=21347", + "url": "https://code.google.com/p/android/issues/detail?id=21347" + }, + { + "url": "https://deepsec.net/docs/Slides/2013/DeepSec_2013_Jaime_Sanchez_-_Building_The_First_Android_IDS_On_Network_Level.pdf", + "refsource": "MISC", + "name": "https://deepsec.net/docs/Slides/2013/DeepSec_2013_Jaime_Sanchez_-_Building_The_First_Android_IDS_On_Network_Level.pdf" } ] } diff --git a/2011/2xxx/CVE-2011-2499.json b/2011/2xxx/CVE-2011-2499.json index ba456b62da5..b0594209f5c 100644 --- a/2011/2xxx/CVE-2011-2499.json +++ b/2011/2xxx/CVE-2011-2499.json 
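Review bot: For CVE-2011-2343 the structured `"version_value": "2.3"` in the first hunk does not agree with the description in the second hunk, which says Android before 2.3.6 is affected. A consumer that compares installed versions against `version_value` would treat 2.3.1 through 2.3.5 as unaffected. I would make the field carry the same range as the text, `"version_value": "before 2.3.6"`. CVE-2011-3901 further down has the same mismatch: `affects` lists Android `"2.3.7"` while its description says "before 4.0.1".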
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2499", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mambo", + "product": { + "product_data": [ + { + "product_name": "CMS", + "version": { + "version_data": [ + { + "version_value": "through 4.6.5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mambo CMS through 4.6.5 has multiple XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities", + "url": "https://www.openwall.com/lists/oss-security/2011/06/28/15" } ] } diff --git a/2011/2xxx/CVE-2011-2526.json b/2011/2xxx/CVE-2011-2526.json index 4fdd72da60e..8dfb27a7eec 100644 --- a/2011/2xxx/CVE-2011-2526.json +++ b/2011/2xxx/CVE-2011-2526.json @@ -236,6 +236,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } 
diff --git a/2011/2xxx/CVE-2011-2729.json b/2011/2xxx/CVE-2011-2729.json index ae8147d5190..4e70dab3fb3 100644 --- a/2011/2xxx/CVE-2011-2729.json +++ b/2011/2xxx/CVE-2011-2729.json @@ -211,6 +211,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/3xxx/CVE-2011-3190.json b/2011/3xxx/CVE-2011-3190.json index 08707ef3b1c..5a42cd184fb 100644 --- a/2011/3xxx/CVE-2011-3190.json +++ b/2011/3xxx/CVE-2011-3190.json @@ -171,6 +171,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2011/3xxx/CVE-2011-3336.json b/2011/3xxx/CVE-2011-3336.json index 0acb7773637..69473cc4565 100644 --- a/2011/3xxx/CVE-2011-3336.json +++ b/2011/3xxx/CVE-2011-3336.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-3336", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_value": "through 2011" + } + ] + } + } + ] + }, + "vendor_name": "Apple" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20140314 MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service", + "url": "http://seclists.org/fulldisclosure/2014/Mar/166" + }, + { + "refsource": "BID", + "name": "50541", + "url": "http://www.securityfocus.com/bid/50541" + }, + { + "refsource": "BUGTRAQ", + "name": "20111104 Multiple BSD libc/regcomp(3) Multiple Vulnerabilities", + "url": "https://www.securityfocus.com/archive/1/520390" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2011110082", + "url": "https://cxsecurity.com/issue/WLB-2011110082" } ] } diff --git a/2011/3xxx/CVE-2011-3556.json b/2011/3xxx/CVE-2011-3556.json index dc9aae119e8..402e4e5f956 100644 --- a/2011/3xxx/CVE-2011-3556.json +++ b/2011/3xxx/CVE-2011-3556.json 
@@ -186,6 +186,11 @@ "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", "refsource": "CONFIRM", "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + }, + { + "refsource": "CERT-VN", + "name": "VU#597809", + "url": "https://www.kb.cert.org/vuls/id/597809" } ] } diff --git a/2011/3xxx/CVE-2011-3629.json b/2011/3xxx/CVE-2011-3629.json index 5cd91b21088..23d8d6144b5 100644 --- a/2011/3xxx/CVE-2011-3629.json +++ b/2011/3xxx/CVE-2011-3629.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3629", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Joomla! core", + "version": { + "version_data": [ + { + "version_value": "1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "Joomla!" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! core 1.7.1 allows information disclosure due to weak encryption" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/02/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/02/4" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/02/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/02/8" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/28/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/28/6" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/370-20111001-core-information-disclosure", + "url": "https://developer.joomla.org/security/news/370-20111001-core-information-disclosure" } ] } diff --git a/2011/3xxx/CVE-2011-3642.json b/2011/3xxx/CVE-2011-3642.json index fac2f447f40..ff72c2dadbd 100644 --- a/2011/3xxx/CVE-2011-3642.json +++ b/2011/3xxx/CVE-2011-3642.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3642", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,96 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://web.appsec.ws/FlashExploitDatabase.php", + "url": "http://web.appsec.ws/FlashExploitDatabase.php" + }, + { + "refsource": "MISC", + "name": "http://appsec.ws/Presentations/FlashFlooding.pdf", + "url": "http://appsec.ws/Presentations/FlashFlooding.pdf" + }, + { + "refsource": "MISC", + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009" + }, + { + "refsource": "MISC", + "name": "https://code.google.com/p/flowplayer-core/issues/detail?id=441", + "url": "https://code.google.com/p/flowplayer-core/issues/detail?id=441" + }, + { + "refsource": "MISC", + "name": "https://mahara.org/interaction/forum/topic.php?id=5237", + "url": "https://mahara.org/interaction/forum/topic.php?id=5237" + }, + { + "refsource": "MISC", + "name": "http://secunia.com/advisories/52074", + 
"url": "http://secunia.com/advisories/52074" + }, + { + "refsource": "MISC", + "name": "http://secunia.com/advisories/54206", + "url": "http://secunia.com/advisories/54206" + }, + { + "refsource": "MISC", + "name": "http://secunia.com/advisories/58854", + "url": "http://secunia.com/advisories/58854" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/48651", + "url": "https://www.securityfocus.com/bid/48651" + }, + { + "refsource": "MISC", + "name": "https://bugs.launchpad.net/mahara/+bug/1103748", + "url": "https://bugs.launchpad.net/mahara/+bug/1103748" } ] } diff --git a/2011/3xxx/CVE-2011-3901.json b/2011/3xxx/CVE-2011-3901.json index fc5756be590..21c1fb39255 100644 --- a/2011/3xxx/CVE-2011-3901.json +++ b/2011/3xxx/CVE-2011-3901.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2011-3901", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "2.3.7" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Android SQLite Journal before 4.0.1 has an information disclosure vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "53380", + "url": "http://www.securityfocus.com/bid/53380" + }, + { + "refsource": "FULLDISC", + "name": "20120503 Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901)", + "url": "https://seclists.org/fulldisclosure/2012/May/19" } ] } diff --git a/2011/4xxx/CVE-2011-4338.json b/2011/4xxx/CVE-2011-4338.json index 65b5fd30319..637e3775d6c 100644 --- a/2011/4xxx/CVE-2011-4338.json +++ b/2011/4xxx/CVE-2011-4338.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4338", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "shaman", + "version": { + "version_data": [ + { + "version_value": "1.0.9" + } + ] + } + } + ] + }, + "vendor_name": "shaman" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authorization error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/11/22/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/11/22/4" + }, + { + "refsource": "MISC", + "name": "https://bbs.archlinux.org/viewtopic.php?id=64066&p=1", + "url": "https://bbs.archlinux.org/viewtopic.php?id=64066&p=1" } ] } diff --git a/2011/4xxx/CVE-2011-4661.json b/2011/4xxx/CVE-2011-4661.json index 720fac598a7..005b4b4e396 100644 --- a/2011/4xxx/CVE-2011-4661.json +++ b/2011/4xxx/CVE-2011-4661.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-4661", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IOS", + "version": { + "version_data": [ + { + "version_value": "before 15.2(1)T" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1TCAVS.html", + "refsource": "MISC", + "name": "https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1TCAVS.html" } ] } diff --git a/2011/4xxx/CVE-2011-4906.json b/2011/4xxx/CVE-2011-4906.json index 3aea9fa859b..cd0d93d219e 100644 --- a/2011/4xxx/CVE-2011-4906.json +++ b/2011/4xxx/CVE-2011-4906.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4906", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Tiny browser included with TinyMCE 3.0", + "version": { + "version_data": [ + { + "version_value": "1.5.12" + }, + { + "version_value": "fixed in 1.5.13" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
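Review bot: In the CVE-2011-4906 `affects` hunk, `"version_value": "fixed in 1.5.13"` sits in `version_data` next to `"1.5.12"`, so the fixed release is encoded as if it were another affected version. A parser that pulls version numbers out of this list can end up flagging 1.5.13 as vulnerable, and releases older than 1.5.12 are not covered at all, although the description in the following hunk says "before 1.5.13". A single entry `"version_value": "before 1.5.13"` would state the range the description gives. The CVE-2011-4908 hunk that follows uses the same pair of entries.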
@@ -11,7 +37,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary PHP Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/12/25/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/12/25/7" + }, + { + "refsource": "CONFIRM", + "name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html", + "url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "10183", + "url": "https://www.exploit-db.com/exploits/10183" } ] } diff --git a/2011/4xxx/CVE-2011-4908.json b/2011/4xxx/CVE-2011-4908.json index dd218639ff8..f69a87a83c8 100644 --- a/2011/4xxx/CVE-2011-4908.json +++ b/2011/4xxx/CVE-2011-4908.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4908", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "TinyBrowser Plugin", + "version": { + "version_data": [ + { + "version_value": "1.5.12" + }, + { + "version_value": "fixed in 1.5.13" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
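Review bot: The first reference added for CVE-2011-4906 records the oss-security post as `"refsource": "MISC"` with the URL repeated as its name, while CVE-2011-4908 in this same commit records the identical URL as `MLIST` with a proper title. Using one form for both keeps the two records consistent for anyone de-duplicating references: `"refsource": "MLIST", "name": "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues"`.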
@@ -11,7 +37,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues", + "url": "https://www.openwall.com/lists/oss-security/2011/12/25/7" + }, + { + "refsource": "MISC", + "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908", + "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2011-4908" + }, + { + "refsource": "EXPLOIT-DB", + "name": "9926", + "url": "https://www.exploit-db.com/exploits/9926" } ] } diff --git a/2011/4xxx/CVE-2011-4912.json b/2011/4xxx/CVE-2011-4912.json index d167cd8e056..b5be6e09f68 100644 --- a/2011/4xxx/CVE-2011-4912.json +++ b/2011/4xxx/CVE-2011-4912.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4912", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "All 1.5.x prior to and including 1.5.13" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "mail timeout bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/12/25/9", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/12/25/9" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html", + "url": "https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html" } ] } diff --git a/2011/4xxx/CVE-2011-4937.json b/2011/4xxx/CVE-2011-4937.json index 573432d0f14..ca71ec1ba22 100644 --- a/2011/4xxx/CVE-2011-4937.json +++ b/2011/4xxx/CVE-2011-4937.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4937", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "Joomla!" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! 1.7.1 has core information disclosure due to inadequate error checking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/02/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/02/4" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/28/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/28/6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/02/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/02/1" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html", + "url": "https://developer.joomla.org/security/news/371-20111002-core-information-disclosure.html" } ] } diff --git a/2011/4xxx/CVE-2011-4938.json b/2011/4xxx/CVE-2011-4938.json index 7f22cfed613..a41b0ee1763 100644 --- a/2011/4xxx/CVE-2011-4938.json +++ b/2011/4xxx/CVE-2011-4938.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4938", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ariadne", + "product": { + "product_data": [ + { + "product_name": "Ariadne", + "version": { + "version_data": [ + { + "version_value": "2.7.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.rul3z.de/advisories/SSCHADV2011-038.txt", + "url": "http://www.rul3z.de/advisories/SSCHADV2011-038.txt" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/09/4", + "url": "http://www.openwall.com/lists/oss-security/2012/03/09/4" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/10/6", + "url": "http://www.openwall.com/lists/oss-security/2012/03/10/6" + }, + { + "refsource": "MISC", + "name": "http://bugs.ariadne-cms.org/view.php?id=277", + "url": "http://bugs.ariadne-cms.org/view.php?id=277" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2011/Dec/7", + "url": "https://seclists.org/bugtraq/2011/Dec/7" } ] } diff --git a/2011/5xxx/CVE-2011-5062.json b/2011/5xxx/CVE-2011-5062.json index a810f7193f3..cb6beae865d 100644 --- a/2011/5xxx/CVE-2011-5062.json +++ b/2011/5xxx/CVE-2011-5062.json 
@@ -156,6 +156,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2011/5xxx/CVE-2011-5063.json b/2011/5xxx/CVE-2011-5063.json
index 778313b64f5..5fe08017118 100644
--- a/2011/5xxx/CVE-2011-5063.json
+++ b/2011/5xxx/CVE-2011-5063.json
@@ -156,6 +156,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2011/5xxx/CVE-2011-5064.json b/2011/5xxx/CVE-2011-5064.json
index f7b3cf26679..9ec2a0a4a62 100644
--- a/2011/5xxx/CVE-2011-5064.json
+++ b/2011/5xxx/CVE-2011-5064.json
@@ -156,6 +156,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2012/0xxx/CVE-2012-0022.json b/2012/0xxx/CVE-2012-0022.json
index 8c06cd07ec1..133f8c9fd08 100644
--- a/2012/0xxx/CVE-2012-0022.json
+++ b/2012/0xxx/CVE-2012-0022.json
@@ -221,6 +221,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2012/0xxx/CVE-2012-0810.json b/2012/0xxx/CVE-2012-0810.json
index e49be7ba26c..6888d89ae82 100644
--- a/2012/0xxx/CVE-2012-0810.json
+++ b/2012/0xxx/CVE-2012-0810.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-0810",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=794557",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=794557"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463"
 }
 ]
 }
diff --git a/2012/0xxx/CVE-2012-0951.json b/2012/0xxx/CVE-2012-0951.json
index 8477a705ac5..359aada6175 100644
--- a/2012/0xxx/CVE-2012-0951.json
+++ b/2012/0xxx/CVE-2012-0951.json
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0951", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "graphics drivers", + "version": { + "version_data": [ + { + "version_value": "29549" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unknown" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html", + "refsource": "MISC", + "name": "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html" + }, + { + "refsource": "MISC", + "name": "https://vuldb.com/?id.10060", + "url": "https://vuldb.com/?id.10060" } ] } diff --git a/2012/1xxx/CVE-2012-1124.json b/2012/1xxx/CVE-2012-1124.json index 129d9f40c49..e6637b64517 100644 --- a/2012/1xxx/CVE-2012-1124.json +++ b/2012/1xxx/CVE-2012-1124.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1124", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
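Review bot: The `"version_value": "29549"` added to the `affects` block for CVE-2012-0951 does not look like a usable driver version; it reads like a dotted version with the dot lost (presumably 295.49, to be confirmed against the Ubuntu tracker reference). The description in the next hunk repeats the same string ("NVIDIA Graphics Drivers 29549"). As written, a scanner comparing installed driver versions against this record will not match, so both places should carry the version in the vendor's own notation once confirmed.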
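Review bot: The `problemtype` added for CVE-2012-0951 is `"value": "unknown"` even though the description in the same hunk calls the issue a "Memory Corruption Vulnerability", so the record contradicts itself for anyone filtering by weakness. `"value": "memory corruption"` would agree with the description. The description also gives the file as `proc/driver/nvidia/registry` without a leading slash; if the procfs path is meant, it should read `/proc/driver/nvidia/registry`.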
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "phxEventManager", + "product": { + "product_data": [ + { + "product_name": "phxEventManager", + "version": { + "version_data": [ + { + "version_value": "2.0 beta 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109", + "url": "http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2012/Mar/4", + "url": "http://seclists.org/fulldisclosure/2012/Mar/4" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/06/10", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/10" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/18549", + "url": "http://www.exploit-db.com/exploits/18549" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/06/2", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/2" } ] } diff --git a/2012/1xxx/CVE-2012-1500.json b/2012/1xxx/CVE-2012-1500.json index b1ccd6fccb0..a58ff58e57f 100644 --- a/2012/1xxx/CVE-2012-1500.json +++ b/2012/1xxx/CVE-2012-1500.json 
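Review bot: The Exploit-DB entry in the references added for CVE-2012-1124 is recorded as `"refsource": "MISC"` with a plain-http URL as its name, whereas other records in this commit (CVE-2011-4906, CVE-2012-1500) use the dedicated source tag, the numeric id as name, and https. Matching that form lets consumers find public-exploit references by `refsource` alone: `"refsource": "EXPLOIT-DB", "name": "18549", "url": "https://www.exploit-db.com/exploits/18549"`. The same applies to the `http://www.exploit-db.com/exploits/20009` reference added for CVE-2012-2593.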
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1500", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html", + "url": "https://web.archive.org/web/20121014055829/http://www.cloudscan.me/2012/09/cve-2012-1500-ghs-5375-ghs-5642.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "21052", + "url": "https://www.exploit-db.com/exploits/21052" } ] } diff --git a/2012/1xxx/CVE-2012-1566.json b/2012/1xxx/CVE-2012-1566.json index c4a70fc80fa..55524560df5 100644 --- a/2012/1xxx/CVE-2012-1566.json +++ b/2012/1xxx/CVE-2012-1566.json 
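Review bot: The `affects` block added for CVE-2012-1500 sets `vendor_name`, `product_name` and `version_value` all to "n/a", although the description in the next hunk names the products and versions (JIRA 4.4.3 and GreenHopper before 5.9.8). Tooling that matches on the structured fields will never associate this record with those products, which matters more here because an EXPLOIT-DB reference is attached. The structured data should at least carry `"product_name": "JIRA"` with `"version_value": "4.4.3"` and a second product entry for GreenHopper "before 5.9.8". The same all-"n/a" block is added for CVE-2012-1903, CVE-2012-2452 and CVE-2012-2517, whose descriptions likewise name the product and version.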
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1566", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LinuxMint", + "product": { + "product_data": [ + { + "product_name": "Mint", + "version": { + "version_data": [ + { + "version_value": "2012-03-19" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/14", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/19/14" } ] } diff --git a/2012/1xxx/CVE-2012-1567.json b/2012/1xxx/CVE-2012-1567.json index ce315cf324b..e1a708d5c29 100644 --- a/2012/1xxx/CVE-2012-1567.json +++ b/2012/1xxx/CVE-2012-1567.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1567", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LinuxMint", + "product": { + "product_data": [ + { + "product_name": "Mint", + "version": { + "version_data": [ + { + "version_value": "2012-03-19" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
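Review bot: The `problemtype` added for CVE-2012-1566 is `"value": "authentication error"`, but the description in the same hunk is about "temporary file creation vulnerabilities in mintNanny", which is a different weakness class. Anyone triaging by problem type would file this under authentication and miss it when looking for insecure temp-file handling; `"value": "insecure temporary file creation"` matches the description. CVE-2012-1567 (mintUpdate) carries the same "authentication error" value against the same kind of description.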
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/14", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/19/14" + }, + { + "refsource": "MISC", + "name": "https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444", + "url": "https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444" } ] } diff --git a/2012/1xxx/CVE-2012-1695.json b/2012/1xxx/CVE-2012-1695.json index df6a09d5e3e..7fb84e9453f 100644 --- a/2012/1xxx/CVE-2012-1695.json +++ b/2012/1xxx/CVE-2012-1695.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -38,6 +39,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.8", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2012/1xxx/CVE-2012-1903.json b/2012/1xxx/CVE-2012-1903.json index 34af9f14606..572666c8626 100644 --- a/2012/1xxx/CVE-2012-1903.json +++ b/2012/1xxx/CVE-2012-1903.json 
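Review bot: The second reference added for CVE-2012-1567 points at `blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444`, a line anchor on a moving branch. As soon as the file changes on master, line 1444 no longer shows the code the record means to cite, and a reader may conclude the issue is fixed or never existed. A commit-pinned permalink keeps the evidence stable, e.g. `https://github.com/linuxmint/mintupdate/blob/<commit-sha>/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444`, where `<commit-sha>` is a placeholder for the revision that was actually reviewed.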
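Review bot: In the `impact` block added for CVE-2012-1695, `"baseScore": "6.8"` is a JSON string rather than a number, so consumers that sort or threshold on score must convert it first and may silently compare lexically. If the repository's schema permits it (not visible from this hunk), `"baseScore": 6.8` is the safer representation. The first hunk of the same file also adds an empty line before the opening `{`, which looks unintentional.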
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1903", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20160317182930/http://www.cloudscan.me/2013/03/cve-2012-1903-stored-xss-javascript.html", + "url": "https://web.archive.org/web/20160317182930/http://www.cloudscan.me/2013/03/cve-2012-1903-stored-xss-javascript.html" } ] } diff --git a/2012/1xxx/CVE-2012-1994.json b/2012/1xxx/CVE-2012-1994.json index 237cdfcf7c0..f3db3d985f7 100644 --- a/2012/1xxx/CVE-2012-1994.json +++ b/2012/1xxx/CVE-2012-1994.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2012-1994", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HP Systems Insight Manager", + "version": { + "version_data": [ + { + "version_value": "before 7.0" + } + ] + } + } + ] + }, + "vendor_name": "HP" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/53315", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/53315" + }, + { + "url": "http://www.securitytracker.com/id?1026987", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1026987" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75294", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75294" } ] } diff --git a/2012/2xxx/CVE-2012-2204.json b/2012/2xxx/CVE-2012-2204.json index 023a1641c16..4f8b773eadd 100644 --- a/2012/2xxx/CVE-2012-2204.json +++ b/2012/2xxx/CVE-2012-2204.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2204", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Guardium", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "InfoSphere" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
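Review bot: The `problemtype` added for CVE-2012-1994 is `"value": "Remote"`, which names an access vector rather than a weakness, so the record carries no usable problem type. The description in the same hunk says the flaw lets a user "access information", which suggests `"value": "information disclosure"` (the wording CVE-2011-4937 uses in this commit). The description also ends without a period and does not say which information is exposed; "remote user on adjacent network" should be reduced to one of the two if the advisory allows.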
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "InfoSphere Guardium aix_ktap module: DoS"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76968",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76968"
 }
 ]
 }
diff --git a/2012/2xxx/CVE-2012-2216.json b/2012/2xxx/CVE-2012-2216.json
index 60fef566c8f..4669c7b0f36 100644
--- a/2012/2xxx/CVE-2012-2216.json
+++ b/2012/2xxx/CVE-2012-2216.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2012-2216",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-2216",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6720 and CVE-2012-6721. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2012-6720 and CVE-2012-6721 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
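Review bot: The description added for CVE-2012-2204, `"InfoSphere Guardium aix_ktap module: DoS"`, is a fragment that states neither the affected release nor who can trigger the denial of service, so a reader cannot judge exposure without opening the X-Force link. The `affects` hunk of the same file lists version "1.1"; if that is the affected release, a full sentence such as `"value": "The aix_ktap module in InfoSphere Guardium 1.1 allows a denial of service."` would carry it. That `affects` hunk also gives `"vendor_name": "InfoSphere"` while the assigner is psirt@us.ibm.com, which suggests the vendor field holds a product family name rather than the vendor; worth confirming.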
diff --git a/2012/2xxx/CVE-2012-2452.json b/2012/2xxx/CVE-2012-2452.json index 1a723d9e9dc..0c90dd9cb2b 100644 --- a/2012/2xxx/CVE-2012-2452.json +++ b/2012/2xxx/CVE-2012-2452.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2452", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.htbridge.com/advisory/HTB23090", + "url": "https://www.htbridge.com/advisory/HTB23090" + }, + { + "refsource": "MISC", + "name": "http://www.pragmamx.org/Forum-topic-33554.html", + "url": "http://www.pragmamx.org/Forum-topic-33554.html" + }, + { + "refsource": "MISC", + "name": "http://www.pragmamx.org/News-pragmaMx-1.12-Servicepack2-item-706.html", + "url": "http://www.pragmamx.org/News-pragmaMx-1.12-Servicepack2-item-706.html" } ] } diff --git a/2012/2xxx/CVE-2012-2517.json b/2012/2xxx/CVE-2012-2517.json index 1f2ccf64445..9d6c0f954bd 100644 --- a/2012/2xxx/CVE-2012-2517.json 
+++ b/2012/2xxx/CVE-2012-2517.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2517", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.htbridge.com/advisory/HTB23091", + "url": "https://www.htbridge.com/advisory/HTB23091" + }, + { + "refsource": "MISC", + "name": "https://www.prestashop.com/download/old/changelog_1.4.9.0.txt", + "url": "https://www.prestashop.com/download/old/changelog_1.4.9.0.txt" } ] } diff --git a/2012/2xxx/CVE-2012-2593.json b/2012/2xxx/CVE-2012-2593.json index 824602ecc47..0b1f0dad127 100644 --- a/2012/2xxx/CVE-2012-2593.json +++ b/2012/2xxx/CVE-2012-2593.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2593", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Atmail",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Atmail Webmail Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/20009",
+ "url": "http://www.exploit-db.com/exploits/20009"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/54630",
+ "url": "http://www.securityfocus.com/bid/54630"
 }
 ]
 }
diff --git a/2012/3xxx/CVE-2012-3544.json b/2012/3xxx/CVE-2012-3544.json
index 47a67fbfe9b..10c5bc638ae 100644
--- a/2012/3xxx/CVE-2012-3544.json
+++ b/2012/3xxx/CVE-2012-3544.json
@@ -151,6 +151,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2012/4xxx/CVE-2012-4029.json b/2012/4xxx/CVE-2012-4029.json
index d57907d727f..9a86572160f 100644
--- a/2012/4xxx/CVE-2012-4029.json
+++ b/2012/4xxx/CVE-2012-4029.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-4029",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/115927/Chamilo-1.8.8.4-XSS-File-Deletion.html",
+ "url": "https://packetstormsecurity.com/files/115927/Chamilo-1.8.8.4-XSS-File-Deletion.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://support.chamilo.org/attachments/download/2863/chamilo-1.8.8.4-to-1.8.8.6.patch",
+ "url": "http://support.chamilo.org/attachments/download/2863/chamilo-1.8.8.4-to-1.8.8.6.patch"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-7-2012-07-16-Moderate-risk-Several-moderate-security-flaws",
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-7-2012-07-16-Moderate-risk-Several-moderate-security-flaws"
 }
 ]
 }
diff --git a/2012/4xxx/CVE-2012-4381.json b/2012/4xxx/CVE-2012-4381.json
index b746e97fcfa..2037ea091eb 100644
--- a/2012/4xxx/CVE-2012-4381.json
+++ b/2012/4xxx/CVE-2012-4381.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-4381",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,84 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Password"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MediaWiki",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.18.5"
+ },
+ {
+ "version_value": "1.19.x before 1.19.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html",
+ "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/08/31/6",
+ "url": "http://www.openwall.com/lists/oss-security/2012/08/31/6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/08/31/10",
+ "url": "http://www.openwall.com/lists/oss-security/2012/08/31/10"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853442",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853442"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T41184",
+ "url": "https://phabricator.wikimedia.org/T41184"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://osvdb.org/show/osvdb/85106",
+ "url": "http://osvdb.org/show/osvdb/85106"
 }
 ]
 }
diff --git a/2012/4xxx/CVE-2012-4512.json b/2012/4xxx/CVE-2012-4512.json
index 710d66eef00..b187bd20a6a 100644
--- a/2012/4xxx/CVE-2012-4512.json
+++ b/2012/4xxx/CVE-2012-4512.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-4512",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,101 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to \"type confusion.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "KDE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Konqueror",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc",
+ "url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html",
+ "url": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/10/11/11",
+ "url": "http://www.openwall.com/lists/oss-security/2012/10/11/11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/10/30/6",
+ "url": "http://www.openwall.com/lists/oss-security/2012/10/30/6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352",
+ "url": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2012-1416.html",
+ "url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2012-1418.html",
+ "url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id?1027709",
+ "url": "http://www.securitytracker.com/id?1027709"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/51097",
+ "url": "http://secunia.com/advisories/51097"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/51145",
+ "url": "http://secunia.com/advisories/51145"
 }
 ]
 }
diff --git a/2012/4xxx/CVE-2012-4519.json b/2012/4xxx/CVE-2012-4519.json
index baa3c3fe07f..17dda8bb16e 100644
--- a/2012/4xxx/CVE-2012-4519.json
+++ b/2012/4xxx/CVE-2012-4519.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-4519",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Zenphoto",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zenphoto",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.4.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/10/11/10",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/10/11/10"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/07/10/19",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/07/10/19"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5570.json b/2012/5xxx/CVE-2012-5570.json
index 7b5a8102777..d47db1f534f 100644
--- a/2012/5xxx/CVE-2012-5570.json
+++ b/2012/5xxx/CVE-2012-5570.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-5570",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the \"access basic_webmail\" permission to read arbitrary users' email addresses."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Basic webmail module",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.x-1.x before 6.x-1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/11/20/4",
+ "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/11/27/2",
+ "url": "http://www.openwall.com/lists/oss-security/2012/11/27/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/1808616",
+ "url": "https://drupal.org/node/1808616"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.drupal.org/node/1808852",
+ "url": "https://www.drupal.org/node/1808852"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5618.json b/2012/5xxx/CVE-2012-5618.json
index 3798d6b9470..5aa37202d03 100644
--- a/2012/5xxx/CVE-2012-5618.json
+++ b/2012/5xxx/CVE-2012-5618.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-5618",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ushahidi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ushahidi",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 2.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "insufficient entropy"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/12/04/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/12/04/1"
+ },
+ {
+ "url": "https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e",
+ "refsource": "MISC",
+ "name": "https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5623.json b/2012/5xxx/CVE-2012-5623.json
index 48e99d398fe..8bac144f3ea 100644
--- a/2012/5xxx/CVE-2012-5623.json
+++ b/2012/5xxx/CVE-2012-5623.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-5623",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Squirrelmail",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Squirrelmail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "use of deprecated algorithm"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20121203 Re: Strange CVE situation (at least one ID should come of this)",
+ "url": "http://www.openwall.com/lists/oss-security/2012/12/04/6"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5686.json b/2012/5xxx/CVE-2012-5686.json
index 84b7efcf151..cc368ac0687 100644
--- a/2012/5xxx/CVE-2012-5686.json
+++ b/2012/5xxx/CVE-2012-5686.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-5686",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZPanel 10.0.1 has insufficient entropy for its password reset process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/56400",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/56400"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79841",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79841"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5828.json b/2012/5xxx/CVE-2012-5828.json
index d21f99f1b5b..8aba985e0cb 100644
--- a/2012/5xxx/CVE-2012-5828.json
+++ b/2012/5xxx/CVE-2012-5828.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-5828",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
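Review bot: `problemtype` in CVE-2012-5686.json is left as `"value": "n/a"` although the new description states the weakness outright (insufficient entropy in the password reset process). CVE-2012-5618 in this same commit records the equivalent issue as `"value": "insufficient entropy"`; using the same string here keeps both records findable by weakness class. A CWE identifier such as CWE-331 (Insufficient Entropy) would be more precise still, if the assigner is willing to state one.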
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/56793",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/56793"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80555",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80555"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2012-5828",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2012-5828"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/archive/1/524893/30/9240/flat",
+ "url": "https://www.securityfocus.com/archive/1/524893/30/9240/flat"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6091.json b/2012/6xxx/CVE-2012-6091.json
index 988f0d710b2..e6d2c9a298f 100644
--- a/2012/6xxx/CVE-2012-6091.json
+++ b/2012/6xxx/CVE-2012-6091.json
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-6091",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.7.0.1"
+ },
+ {
+ "version_value": "fixed in 1.7.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
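Review bot: In the `affects` block added to CVE-2012-6091.json, `"version_value": "fixed in 1.7.0.2"` places a fixed release inside `version_data`, so a consumer that treats every `version_value` there as an affected version would report 1.7.0.2 as vulnerable. The other entry, `"1.7.0.1"`, is also narrower than the description in the file's next hunk, which says "before 1.7.0.2". A single entry `"version_value": "before 1.7.0.2"` would agree with the description and with the phrasing the Zenphoto and Ushahidi records in this commit use.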
@@ -11,7 +37,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BID",
+ "name": "57140",
+ "url": "http://www.securityfocus.com/bid/57140"
+ },
+ {
+ "refsource": "XF",
+ "name": "80973",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80973"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "MLIST: [oss-security] 20130103 Re: CVE request (maybe): magento before 1.7.0.2",
+ "url": "http://www.openwall.com/lists/oss-security/2013/01/03/10"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6297.json b/2012/6xxx/CVE-2012-6297.json
index 95178c2067e..a89dfd04b81 100644
--- a/2012/6xxx/CVE-2012-6297.json
+++ b/2012/6xxx/CVE-2012-6297.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6297",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2012-6297",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2012-6297"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.9527",
+ "url": "https://vuldb.com/?id.9527"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "[CVE-2012-6297] DD-WRT v24-sp2 Command Injection",
+ "url": "https://seclists.org/fulldisclosure/2013/Oct/241"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2",
+ "url": "https://lists.openwall.net/bugtraq/2013/07/12/2"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6306.json b/2012/6xxx/CVE-2012-6306.json
index c5f5bcdf3cd..e85b142890f 100644
--- a/2012/6xxx/CVE-2012-6306.json
+++ b/2012/6xxx/CVE-2012-6306.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6306",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
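Review bot: The new description for CVE-2012-6297 names command injection through shell meta-characters, reachable via CSRF, yet states the impact only as Denial of Service, and `problemtype` stays `"value": "n/a"`. If the cited Full Disclosure and Bugtraq posts support command execution on the device, the impact clause should say so, since severity triage usually keys on it; that is an inference from the wording and needs checking against those references. Independent of that, `problemtype` could carry the weakness the text already names, e.g. `"value": "Command Injection via CSRF"`.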
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/12/10/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/12/10/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://marc.info/?l=oss-security&m=135516610818927&w=2",
+ "url": "https://marc.info/?l=oss-security&m=135516610818927&w=2"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6307.json b/2012/6xxx/CVE-2012-6307.json
index bf5a45a1126..8265a30ba61 100644
--- a/2012/6xxx/CVE-2012-6307.json
+++ b/2012/6xxx/CVE-2012-6307.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6307",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/21739/",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/21739/"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/12/10/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/12/10/4"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6309.json b/2012/6xxx/CVE-2012-6309.json
index 2ac0305247e..55914b2813a 100644
--- a/2012/6xxx/CVE-2012-6309.json
+++ b/2012/6xxx/CVE-2012-6309.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6309",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/12/10/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/12/10/5"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6340.json b/2012/6xxx/CVE-2012-6340.json
index 7756dca8c3b..5dade5c7237 100644
--- a/2012/6xxx/CVE-2012-6340.json
+++ b/2012/6xxx/CVE-2012-6340.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6340",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.7180",
+ "url": "https://vuldb.com/?id.7180"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/118854/Netgear-WGR614-Credential-Information.html",
+ "url": "https://packetstormsecurity.com/files/118854/Netgear-WGR614-Credential-Information.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/archive/1/525042",
+ "url": "https://www.securityfocus.com/archive/1/525042"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6341.json b/2012/6xxx/CVE-2012-6341.json
index 0441d86af7f..443976eae2a 100644
--- a/2012/6xxx/CVE-2012-6341.json
+++ b/2012/6xxx/CVE-2012-6341.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6341",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/archive/1/525042",
+ "url": "https://www.securityfocus.com/archive/1/525042"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/date/2012-12-14/",
+ "url": "https://packetstormsecurity.com/files/date/2012-12-14/"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6449.json b/2012/6xxx/CVE-2012-6449.json
index cbf76f13557..a163144e497 100644
--- a/2012/6xxx/CVE-2012-6449.json
+++ b/2012/6xxx/CVE-2012-6449.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6449",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
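Review bot: The second reference added for CVE-2012-6341, `https://packetstormsecurity.com/files/date/2012-12-14/`, is a by-date listing, not a specific advisory, so a reader cannot tell which entry supports the record. CVE-2012-6340 in this commit cites the specific Packet Storm file `118854/Netgear-WGR614-Credential-Information.html`, which looks like the intended target; worth confirming and substituting. The description also has two slips, `NEtGEAR` and `the my config file`, the first of which defeats case-sensitive search on the vendor name; I would write `NETGEAR` as the CVE-2012-6340 description does.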
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html",
+ "url": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6611.json b/2012/6xxx/CVE-2012-6611.json
index dd43c4d9cef..0a5f72a4ccd 100644
--- a/2012/6xxx/CVE-2012-6611.json
+++ b/2012/6xxx/CVE-2012-6611.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6611",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html",
+ "url": "https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/43032",
+ "url": "https://www.exploit-db.com/exploits/43032"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6666.json b/2012/6xxx/CVE-2012-6666.json
index 6ba4fb94e23..939bfa692ef 100644
--- a/2012/6xxx/CVE-2012-6666.json
+++ b/2012/6xxx/CVE-2012-6666.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-6666",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/37944",
+ "url": "https://www.exploit-db.com/exploits/37944"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/55908",
+ "url": "https://www.securityfocus.com/bid/55908"
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6686.json b/2012/6xxx/CVE-2012-6686.json
index 92ab905a970..dfbdcfb2a70 100644
--- a/2012/6xxx/CVE-2012-6686.json
+++ b/2012/6xxx/CVE-2012-6686.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2012-6686",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-6686",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4357. Reason: This candidate is a duplicate of CVE-2013-4357. Notes: All CVE users should reference CVE-2013-4357 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2012/6xxx/CVE-2012-6720.json b/2012/6xxx/CVE-2012-6720.json
new file mode 100644
index 00000000000..a1630cfbeab
--- /dev/null
+++ b/2012/6xxx/CVE-2012-6720.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-6720",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/oss-sec/2012/q2/396",
+ "url": "http://seclists.org/oss-sec/2012/q2/396"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6721.json b/2012/6xxx/CVE-2012-6721.json
new file mode 100644
index 00000000000..9d4ab82cf09
--- /dev/null
+++ b/2012/6xxx/CVE-2012-6721.json
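Review bot: The single reference in the new CVE-2012-6720 record uses `http://seclists.org/oss-sec/2012/q2/396`, while the CVE-2012-6721 record added next cites the same post as `https://seclists.org/oss-sec/2012/q2/396`. Using the https form for both `name` and `url` here keeps the two sibling records consistent for anything that correlates records by reference URL. Both new files also end without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same pass.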
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-6721",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2012/q2/396",
+ "url": "https://seclists.org/oss-sec/2012/q2/396"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/0xxx/CVE-2013-0192.json b/2013/0xxx/CVE-2013-0192.json
index 30eb3bc8403..8373dadfc7b 100644
--- a/2013/0xxx/CVE-2013-0192.json
+++ b/2013/0xxx/CVE-2013-0192.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-0192",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SMF",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SMF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<= 2.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "file exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/02/01/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/01/17/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/01/17/5"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/01/31/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/01/31/1"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0295.json b/2013/0xxx/CVE-2013-0295.json
index f9ff6c2f1e8..89db4039b53 100644
--- a/2013/0xxx/CVE-2013-0295.json
+++ b/2013/0xxx/CVE-2013-0295.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2013-0295",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-0295",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0342. Reason: This candidate is a duplicate of [ID]. Notes: All CVE users should reference CVE-2013-0342 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0507.json b/2013/0xxx/CVE-2013-0507.json
index 61d0481af71..737075ef301 100644
--- a/2013/0xxx/CVE-2013-0507.json
+++ b/2013/0xxx/CVE-2013-0507.json
@@ -1,8 +1,40 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@us.ibm.com",
 "ID": "CVE-2013-0507",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IBM InfoSphere Information Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.1"
+ },
+ {
+ "version_value": "8.5"
+ },
+ {
+ "version_value": "8.7"
+ },
+ {
+ "version_value": "9.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
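Review bot: The new REJECT description for CVE-2013-0295 still contains the unfilled template token `[ID]` in `Reason: This candidate is a duplicate of [ID].`, although ConsultIDs and the Notes sentence both name CVE-2013-0342. The CVE-2012-6686 rejection earlier in this diff fills the same sentence with the actual identifier, so this one should read `Reason: This candidate is a duplicate of CVE-2013-0342.`. Tooling that reads the Reason sentence to follow duplicates may otherwise miss the redirect.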
@@ -11,7 +43,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Session Fixation Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/59815",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59815"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0517.json b/2013/0xxx/CVE-2013-0517.json
index d516797d330..681d2935fc1 100644
--- a/2013/0xxx/CVE-2013-0517.json
+++ b/2013/0xxx/CVE-2013-0517.json
@@ -1,8 +1,40 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@us.ibm.com",
 "ID": "CVE-2013-0517",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sterling External Authentication Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.2.0"
+ },
+ {
+ "version_value": "2.3.01"
+ },
+ {
+ "version_value": "2.4.0"
+ },
+ {
+ "version_value": "and 2.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
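Review bot: The last `version_data` entry added for CVE-2013-0517 is `"version_value": "and 2.4.1"`, which looks like the word `and` from the prose version list carried into the structured field. A version match against `2.4.1` will not hit that string, so the entry should be `"version_value": "2.4.1"`. It is also worth confirming `2.3.01` against the vendor bulletin, since the other entries use three dotted components.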
@@ -11,7 +43,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authentication error"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/59807",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59807"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-addressed-in-ibm-sterling-external-authentication-server-cve-2013-0514-cve-2013-0517-4/",
+ "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-addressed-in-ibm-sterling-external-authentication-server-cve-2013-0514-cve-2013-0517-4/"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0700.json b/2013/0xxx/CVE-2013-0700.json
index 26ad7240c4f..83ade1c6527 100644
--- a/2013/0xxx/CVE-2013-0700.json
+++ b/2013/0xxx/CVE-2013-0700.json
@@ -56,6 +56,11 @@
 "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf",
 "refsource": "CONFIRM",
 "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf"
 }
 ]
 }
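Review bot: The `problemtype` value `authentication error` added for CVE-2013-0517 does not match the description in the same hunk, which describes command execution by a local user via an OS command. Anyone triaging by problem type would file this record under the wrong class; a value in line with the description, such as `command execution`, or `n/a` as the neighbouring records use, would be consistent. The linked IBM bulletin covers both CVE-2013-0514 and CVE-2013-0517, so the label may have been taken from the other issue; that should be checked against the bulletin.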
diff --git a/2013/0xxx/CVE-2013-0803.json b/2013/0xxx/CVE-2013-0803.json
index 3382a58ad53..e5d18cca74c 100644
--- a/2013/0xxx/CVE-2013-0803.json
+++ b/2013/0xxx/CVE-2013-0803.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-0803",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.exploit-db.com/exploits/24549",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/24549"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82378",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82378"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-0803",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-0803"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1202.json b/2013/1xxx/CVE-2013-1202.json
index 34b21ff17f4..c091c27ad53 100644
--- a/2013/1xxx/CVE-2013-1202.json
+++ b/2013/1xxx/CVE-2013-1202.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@cisco.com",
 "ID": "CVE-2013-1202",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cisco",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco ACE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "A2(3.6)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cisco ACE A2(3.6) allows log retention DoS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "log retention DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130516-CVE-2013-1202",
+ "refsource": "MISC",
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130516-CVE-2013-1202"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1353.json b/2013/1xxx/CVE-2013-1353.json
index 41c0bb1a3cb..ed10d3e123c 100644
--- a/2013/1xxx/CVE-2013-1353.json
+++ b/2013/1xxx/CVE-2013-1353.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1353",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Orange HRM 2.7.1 allows XSS via the vacancy name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/119461/OrangeHRM-2.7.1-Cross-Site-Scripting.html",
+ "url": "https://packetstormsecurity.com/files/119461/OrangeHRM-2.7.1-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1359.json b/2013/1xxx/CVE-2013-1359.json
index dca4b904a10..a9735ad609c 100644
--- a/2013/1xxx/CVE-2013-1359.json
+++ b/2013/1xxx/CVE-2013-1359.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1359",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,63 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/57445",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/57445"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/24204",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/24204"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/24322",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/24322"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1028007",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1028007"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/author/7547/",
+ "url": "https://packetstormsecurity.com/files/author/7547/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
+ "url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2013/Jan/125",
+ "url": "https://seclists.org/fulldisclosure/2013/Jan/125"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1360.json b/2013/1xxx/CVE-2013-1360.json
index 026d8d5a158..5af24c81829 100644
--- a/2013/1xxx/CVE-2013-1360.json
+++ b/2013/1xxx/CVE-2013-1360.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1360",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securitytracker.com/id/1028007",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1028007"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/57446",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/57446"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/24203",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/24203"
+ },
+ {
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
+ "refsource": "MISC",
+ "name": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1400.json b/2013/1xxx/CVE-2013-1400.json
index 54fc506a768..c60ab08d784 100644
--- a/2013/1xxx/CVE-2013-1400.json
+++ b/2013/1xxx/CVE-2013-1400.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1400",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BID",
+ "name": "57479",
+ "url": "http://www.securityfocus.com/bid/57479"
+ },
+ {
+ "refsource": "XF",
+ "name": "81466",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81466"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20130121 Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin",
+ "url": "https://www.securityfocus.com/archive/1/525370"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1401.json b/2013/1xxx/CVE-2013-1401.json
index 494db40d8c1..bdd5c30e6ca 100644
--- a/2013/1xxx/CVE-2013-1401.json
+++ b/2013/1xxx/CVE-2013-1401.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1401",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BID",
+ "name": "57479",
+ "url": "http://www.securityfocus.com/bid/57479"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20130121 Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin",
+ "url": "https://www.securityfocus.com/archive/1/525370"
+ },
+ {
+ "refsource": "XF",
+ "name": "81467",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81467"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1410.json b/2013/1xxx/CVE-2013-1410.json
index a9646391c60..ec7956bf6d2 100644
--- a/2013/1xxx/CVE-2013-1410.json
+++ b/2013/1xxx/CVE-2013-1410.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1410",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-database.net/?id=59355",
+ "url": "https://www.exploit-database.net/?id=59355"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/57514/info",
+ "url": "https://www.securityfocus.com/bid/57514/info"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1422.json b/2013/1xxx/CVE-2013-1422.json
index a64ecbb7e58..fef7ccb7d61 100644
--- a/2013/1xxx/CVE-2013-1422.json
+++ b/2013/1xxx/CVE-2013-1422.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1422",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/07/22/8",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/07/25/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/58250/info",
+ "url": "https://www.securityfocus.com/bid/58250/info"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1571.json b/2013/1xxx/CVE-2013-1571.json
index 3b9635e24c5..bd34c8aeb6f 100644
--- a/2013/1xxx/CVE-2013-1571.json
+++ b/2013/1xxx/CVE-2013-1571.json
@@ -236,6 +236,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1607.json b/2013/1xxx/CVE-2013-1607.json
index bbb8477b160..5bd8078227d 100644
--- a/2013/1xxx/CVE-2013-1607.json
+++ b/2013/1xxx/CVE-2013-1607.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1607",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82563",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82563"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/58303/info",
+ "url": "https://www.securityfocus.com/bid/58303/info"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1634.json b/2013/1xxx/CVE-2013-1634.json
index c712ff5f864..f286340ad05 100644
--- a/2013/1xxx/CVE-2013-1634.json
+++ b/2013/1xxx/CVE-2013-1634.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1634",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "SECTRACK",
+ "name": "1028089",
+ "url": "http://www.securitytracker.com/id/1028089"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20130212 Re: Re: e1000e/82574L hardware erratum",
+ "url": "http://www.openwall.com/lists/oss-security/2013/02/12/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20130212 Re: e1000e/82574L hardware erratum",
+ "url": "http://www.openwall.com/lists/oss-security/2013/02/12/3"
+ },
+ {
+ "refsource": "XF",
+ "name": "85069",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85069"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement",
+ "url": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://blog.krisk.org/2013/02/packets-of-death.html",
+ "url": "http://blog.krisk.org/2013/02/packets-of-death.html"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1760.json b/2013/1xxx/CVE-2013-1760.json
index 0572f404d3e..6341ba34297 100644
--- a/2013/1xxx/CVE-2013-1760.json
+++ b/2013/1xxx/CVE-2013-1760.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1760",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/64004",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/64004"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89358",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89358"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89360",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89360"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1924.json b/2013/1xxx/CVE-2013-1924.json
index 612899211ca..eef35f8eed3 100644
--- a/2013/1xxx/CVE-2013-1924.json
+++ b/2013/1xxx/CVE-2013-1924.json
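Review bot: The three references added for CVE-2013-1760 are tagged `"refsource": "MISC"` with the URL repeated as `name`, while other records in this same commit tag the same sites by source and id (CVE-2013-1634 uses `"refsource": "XF", "name": "85069"`, CVE-2013-2675 uses `"refsource": "BID", "name": "59724"`). Consumers that group or de-duplicate references by `refsource` will treat these as unrelated entries. For consistency the entries here could read `"refsource": "BID", "name": "64004"` and `"refsource": "XF", "name": "89358"` / `"name": "89360"`. The MISC-tagged SecurityFocus and X-Force links in the other records of this commit have the same inconsistency.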
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-1924",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Commerce Skrill",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Commerce Skrill",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions prior to 7.x-1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authentication error"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/04/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/04/6"
+ },
+ {
+ "url": "http://drupal.org/node/1960338",
+ "refsource": "MISC",
+ "name": "http://drupal.org/node/1960338"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1938.json b/2013/1xxx/CVE-2013-1938.json
index 30761648a25..80b721c965e 100644
--- a/2013/1xxx/CVE-2013-1938.json
+++ b/2013/1xxx/CVE-2013-1938.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-1938",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zimbra",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2013"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Zimbra"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zimbra 2013 has XSS in aspell.php"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/58913",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/58913"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/09/14",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/09/14"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/09/15",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/09/15"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2008.json b/2013/2xxx/CVE-2013-2008.json
index bd5395fe58e..9e10cfdd5a6 100644
--- a/2013/2xxx/CVE-2013-2008.json
+++ b/2013/2xxx/CVE-2013-2008.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2008",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Super Cache Plugin authors",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Super Cache Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.3 (fixed in 1.3.1)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WordPress Super Cache Plugin 1.3 has XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/24/10",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/24/8",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2009.json b/2013/2xxx/CVE-2013-2009.json
index e301e3831ad..aae7f99188a 100644
--- a/2013/2xxx/CVE-2013-2009.json
+++ b/2013/2xxx/CVE-2013-2009.json
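Review bot: `"version_value": "1.3 (fixed in 1.3.1)"` in the `affects` block for CVE-2013-2008 mixes the affected version with fix information in one free-text field, so an exact or range comparison against an installed version cannot use it. Keep the field to the affected version, `"version_value": "1.3"`, and state the fixed release in the description, which currently only says that 1.3 has XSS. The product is also named `Super Cache Plugin` here but `WP Super Cache Plugin` in CVE-2013-2009 of this commit; if both records refer to the same plugin, as the shared oss-security references suggest, the `product_name` values should match.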
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2009",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WP Super Cache Plugin authors",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Super Cache Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote PHP Code Execution Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/24/10",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/24/8",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/59470",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59470"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/24/12",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/24/12"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2010.json b/2013/2xxx/CVE-2013-2010.json
index 452c26f7714..6253d71e59c 100644
--- a/2013/2xxx/CVE-2013-2010.json
+++ b/2013/2xxx/CVE-2013-2010.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2010",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "W3 Total Cache Plugin authors",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "W3 Total Cache Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.9.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote PHP Code Execution Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/59316",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59316"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/25137",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/25137"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/04/24/9",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/04/24/9"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2057.json b/2013/2xxx/CVE-2013-2057.json
index 5ad6178debd..9ddf66b72c4 100644
--- a/2013/2xxx/CVE-2013-2057.json
+++ b/2013/2xxx/CVE-2013-2057.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2057",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "YaBB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "YaBB",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Local File Include"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/59643",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59643"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84034",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84034"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/05/05/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/05/05/1"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2067.json b/2013/2xxx/CVE-2013-2067.json
index 9ed0612c3ea..4a3fb2edaf9 100644
--- a/2013/2xxx/CVE-2013-2067.json
+++ b/2013/2xxx/CVE-2013-2067.json
@@ -161,6 +161,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2097.json b/2013/2xxx/CVE-2013-2097.json
index ea7758a21c5..67db8388cef 100644
--- a/2013/2xxx/CVE-2013-2097.json
+++ b/2013/2xxx/CVE-2013-2097.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2097",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ZPanel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZPanel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
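Review bot: `"version_value": "10.1.0"` in the `affects` block for CVE-2013-2097 names a single release, while the description added in the following hunk says "ZPanel through 10.1.0". Anyone filtering on the structured field would conclude that earlier releases are unaffected. The field should carry the same range as the description, `"version_value": "through 10.1.0"`, which is the form CVE-2013-2057 in this commit already uses.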
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZPanel through 10.1.0 has Remote Command Execution"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Command Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/134030/Zpanel-10.1.0-Remote-Unauthenticated-Code-Execution.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/134030/Zpanel-10.1.0-Remote-Unauthenticated-Code-Execution.html"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/25519",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/25519"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/05/16/12",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/05/16/12"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/05/16/16",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/05/16/16"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84364",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84364"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2108.json b/2013/2xxx/CVE-2013-2108.json
index a268ed18bc8..94be2de8396 100644
--- a/2013/2xxx/CVE-2013-2108.json
+++ b/2013/2xxx/CVE-2013-2108.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2108",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WP Cleanfix Plugin authors",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Cleanfix Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WordPress WP Cleanfix Plugin 2.4.4 has CSRF"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSRF"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/59940",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/59940"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84435",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84435"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/05/18/11",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/05/18/11"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84562",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84562"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2109.json b/2013/2xxx/CVE-2013-2109.json
index 834abf505f7..7eb9967d41e 100644
--- a/2013/2xxx/CVE-2013-2109.json
+++ b/2013/2xxx/CVE-2013-2109.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2109",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wp-cleanfix",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "wp-cleanfix authors"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WordPress plugin wp-cleanfix has Remote Code Execution"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/05/18/11",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/05/18/11"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84434",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84434"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2120.json b/2013/2xxx/CVE-2013-2120.json
index 44bf8498ef9..b893414034e 100644
--- a/2013/2xxx/CVE-2013-2120.json
+++ b/2013/2xxx/CVE-2013-2120.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2120",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient Random Number Generation"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "KDE Paste Applet",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 4.10.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=969421",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=969421"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce",
+ "url": "https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0114.html",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0114.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2013/05/28/5",
+ "url": "http://openwall.com/lists/oss-security/2013/05/28/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2013/05/29/6",
+ "url": "http://openwall.com/lists/oss-security/2013/05/29/6"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2213.json b/2013/2xxx/CVE-2013-2213.json
index 5c1022adac5..ae66573035d 100644
--- a/2013/2xxx/CVE-2013-2213.json
+++ b/2013/2xxx/CVE-2013-2213.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-2213",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient Random Number Generation"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "KDE Paste Applet",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "after 4.10.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=978243",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978243"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2013/06/13/1",
+ "url": "http://openwall.com/lists/oss-security/2013/06/13/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2013/06/26/2",
+ "url": "http://openwall.com/lists/oss-security/2013/06/26/2"
 }
 ]
 }
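Review bot: `"version_value": "after 4.10.5"` in the `affects` block for CVE-2013-2213 is an open-ended range with no upper bound and no fixed release, so a reader cannot tell whether a current kdeplasma-addons build is affected. It also leaves 4.10.5 itself ambiguous, since CVE-2013-2120 in this commit covers versions "before 4.10.5"; whether 4.10.5 is affected by this issue should be confirmed against the referenced Red Hat bug and stated explicitly. The `vendor_name` is `n/a` in both records although the descriptions name KDE.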
diff --git a/2013/2xxx/CVE-2013-2637.json b/2013/2xxx/CVE-2013-2637.json
index 0974d594d8a..7a515b840d6 100644
--- a/2013/2xxx/CVE-2013-2637.json
+++ b/2013/2xxx/CVE-2013-2637.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-2637",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/58930",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/58930"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/24922",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/24922"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2675.json b/2013/2xxx/CVE-2013-2675.json
index da4574819fe..de10ba6911a 100644
--- a/2013/2xxx/CVE-2013-2675.json
+++ b/2013/2xxx/CVE-2013-2675.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-2675",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "XF",
+ "name": "84092",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84092"
+ },
+ {
+ "refsource": "BID",
+ "name": "59724",
+ "url": "https://www.securityfocus.com/bid/59724"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2676.json b/2013/2xxx/CVE-2013-2676.json
index 65ca619dcaa..288847f93b3 100644
--- a/2013/2xxx/CVE-2013-2676.json
+++ b/2013/2xxx/CVE-2013-2676.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-2676",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "XF",
+ "name": "84090",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84090"
+ },
+ {
+ "refsource": "BID",
+ "name": "59726",
+ "url": "https://www.securityfocus.com/bid/59726"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2678.json b/2013/2xxx/CVE-2013-2678.json
index f68ba8e9504..c09c61f3f98 100644
--- a/2013/2xxx/CVE-2013-2678.json
+++ b/2013/2xxx/CVE-2013-2678.json
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2678", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59710", + "url": "http://www.securityfocus.com/bid/59710" + }, + { + "refsource": "EXPLOIT-DB", + "name": "25292", + "url": "http://www.exploit-db.com/exploits/25292" + }, + { + "url": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "refsource": "XF", + "name": "84027", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84072" } ] } diff --git a/2013/2xxx/CVE-2013-2680.json b/2013/2xxx/CVE-2013-2680.json index 479090ad59f..cd43436abcd 100644 --- a/2013/2xxx/CVE-2013-2680.json +++ b/2013/2xxx/CVE-2013-2680.json 
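Review bot: In the second hunk of CVE-2013-2678 the XF reference has `"name": "84027"` but its `url` ends in `/vulnerabilities/84072`, so the identifier and the link disagree. The sibling Linksys E4200 records in this commit carry X-Force ids between 84067 and 84073 with name and URL matching, which suggests `"name": "84072"` is what was meant; confirm against the X-Force entry before changing it. The BID and EXPLOIT-DB links in this section also use `http://`, where the CVE-2013-2675 and CVE-2013-2676 sections use `https://www.securityfocus.com/...`.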
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2680", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59712", + "url": "http://www.securityfocus.com/bid/59712" + }, + { + "url": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "refsource": "XF", + "name": "84073", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84073" } ] } diff --git a/2013/2xxx/CVE-2013-2681.json b/2013/2xxx/CVE-2013-2681.json index a49511fc24c..173e1f7740e 100644 --- a/2013/2xxx/CVE-2013-2681.json +++ b/2013/2xxx/CVE-2013-2681.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2681", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59714", + "url": "http://www.securityfocus.com/bid/59714" + }, + { + "url": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "refsource": "XF", + "name": "84068", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84068" } ] } diff --git a/2013/2xxx/CVE-2013-2682.json b/2013/2xxx/CVE-2013-2682.json index 880afcc41d1..99d0c9f6b13 100644 --- a/2013/2xxx/CVE-2013-2682.json +++ b/2013/2xxx/CVE-2013-2682.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2682", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59717", + "url": "http://www.securityfocus.com/bid/59717" + }, + { + "url": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "refsource": "XF", + "name": "84071", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84071" } ] } diff --git a/2013/2xxx/CVE-2013-2683.json b/2013/2xxx/CVE-2013-2683.json index 08607d9cb73..012a2debfce 100644 --- a/2013/2xxx/CVE-2013-2683.json +++ b/2013/2xxx/CVE-2013-2683.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2683", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59713", + "url": "http://www.securityfocus.com/bid/59713" + }, + { + "url": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "refsource": "XF", + "name": "84067", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84067" } ] } diff --git a/2013/2xxx/CVE-2013-2684.json b/2013/2xxx/CVE-2013-2684.json index 73e3ae4b00b..2af5d8f4065 100644 --- a/2013/2xxx/CVE-2013-2684.json +++ b/2013/2xxx/CVE-2013-2684.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2684", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59716", + "url": "http://www.securityfocus.com/bid/59716" + }, + { + "url": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "refsource": "XF", + "name": "84070", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84070" } ] } diff --git a/2013/2xxx/CVE-2013-2780.json b/2013/2xxx/CVE-2013-2780.json index 41c4f615ddd..d4fd8a8a3ac 100644 --- a/2013/2xxx/CVE-2013-2780.json +++ b/2013/2xxx/CVE-2013-2780.json 
@@ -56,6 +56,11 @@
 "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf",
 "refsource": "CONFIRM",
 "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3067.json b/2013/3xxx/CVE-2013-3067.json
index 34afe9fa071..0f2952e14dd 100644
--- a/2013/3xxx/CVE-2013-3067.json
+++ b/2013/3xxx/CVE-2013-3067.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-3067",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" + }, + { + "refsource": "MISC", + "name": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/research/studies-and-papers/linksys_wrt310v2/", + "url": "https://www.ise.io/research/studies-and-papers/linksys_wrt310v2/" } ] } diff --git a/2013/3xxx/CVE-2013-3091.json b/2013/3xxx/CVE-2013-3091.json index 6fe22e1d273..4b037732ed8 100644 --- a/2013/3xxx/CVE-2013-3091.json +++ b/2013/3xxx/CVE-2013-3091.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3091", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using \"Javascript debugging.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" + }, + { + "refsource": "MISC", + "name": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/research/studies-and-papers/belkin_n900/", + "url": "https://www.ise.io/research/studies-and-papers/belkin_n900/" } ] } diff --git a/2013/3xxx/CVE-2013-3096.json b/2013/3xxx/CVE-2013-3096.json index ae1516d52be..899fac4717b 100644 --- a/2013/3xxx/CVE-2013-3096.json +++ b/2013/3xxx/CVE-2013-3096.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3096", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
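Review bot: The description added for CVE-2013-3091 names the Belkin N300 (F7D7301v1), but two of the three new references point at `belkin_n900.php` and `.../studies-and-papers/belkin_n900/`, so the record may attribute the issue to the wrong model or link the wrong write-up. Which side is correct cannot be told from this hunk. In the neighbouring CVE-2013-3067 and CVE-2013-3096 sections the model in the description agrees with the reference paths. The entry should be checked against the referenced `Vulnerability_Catalog.pdf`, and either the links or the model name corrected before the record is relied on for asset matching.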
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR865L v1.03 suffers from an \"Unauthenticated Hardware Linking\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" + }, + { + "refsource": "MISC", + "name": "http://securityevaluators.com/knowledge/case_studies/routers/dlink_dir865l.php", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/dlink_dir865l.php" + }, + { + "refsource": "MISC", + "name": "https://www.ise.io/research/studies-and-papers/dlink_dir865l/", + "url": "https://www.ise.io/research/studies-and-papers/dlink_dir865l/" } ] } diff --git a/2013/3xxx/CVE-2013-3494.json b/2013/3xxx/CVE-2013-3494.json index 3c8a8327834..d277f9541f7 100644 --- a/2013/3xxx/CVE-2013-3494.json +++ b/2013/3xxx/CVE-2013-3494.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3494", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "UMPlayer", + "product": { + "product_data": [ + { + "product_name": "UMPlayer", + "version": { + "version_data": [ + { + "version_value": "0.98" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89262", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89262" } ] } diff --git a/2013/3xxx/CVE-2013-3564.json b/2013/3xxx/CVE-2013-3564.json index 27421aedcfe..2546a591fc3 100644 --- a/2013/3xxx/CVE-2013-3564.json +++ b/2013/3xxx/CVE-2013-3564.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3564", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
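Review bot: The new description for CVE-2013-3494 is split by a stray full stop (`...loading external libraries. which could let...`), leaving a sentence fragment in text that downstream feeds copy verbatim. It should read `...when loading external libraries, which could let a malicious user execute arbitrary code.` The `problemtype` value `code execution` records the impact rather than the weakness, although the description itself points at an unrestricted library search path, which would be the more useful classification for triage. The X-Force link is tagged `"refsource": "MISC"` with the URL as its name, whereas other sections in this commit use `"refsource": "XF"` with the numeric id (here `89262`).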
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt", + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" } ] } diff --git a/2013/3xxx/CVE-2013-3568.json b/2013/3xxx/CVE-2013-3568.json index 851f599ee9a..c2763e89506 100644 --- a/2013/3xxx/CVE-2013-3568.json +++ b/2013/3xxx/CVE-2013-3568.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3568", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "61151", + "url": "http://www.securityfocus.com/bid/61151" + }, + { + "refsource": "EXPLOIT-DB", + "name": "28484", + "url": "http://www.exploit-db.com/exploits/28484" + }, + { + "refsource": "XF", + "name": "85642", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85642" } ] } diff --git a/2013/3xxx/CVE-2013-3591.json b/2013/3xxx/CVE-2013-3591.json index d501958cbc7..cee1c436016 100644 --- a/2013/3xxx/CVE-2013-3591.json +++ b/2013/3xxx/CVE-2013-3591.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-3591", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vTiger CRM", + "product": { + "product_data": [ + { + "product_name": "vTiger CRM", + "version": { + "version_data": [ + { + "version_value": "5.3" + }, + { + "version_value": "5.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +37,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PHP Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", + "refsource": "MISC", + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats" + }, + { + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one", + "refsource": "MISC", + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one" + }, + { + "url": "http://www.securityfocus.com/bid/63454", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/63454" + }, + { + "url": "http://www.exploit-db.com/exploits/29319", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/29319" } ] } diff --git a/2013/3xxx/CVE-2013-3628.json b/2013/3xxx/CVE-2013-3628.json index 1bb00ca504c..cb66f53222b 100644 --- a/2013/3xxx/CVE-2013-3628.json +++ b/2013/3xxx/CVE-2013-3628.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-3628", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zabbix", + "product": { + "product_data": [ + { + "product_name": "Zabbix", + "version": { + "version_data": [ + { + "version_value": "2.0.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
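Review bot: The SecurityFocus and Exploit-DB references added for CVE-2013-3591 are tagged `"refsource": "MISC"` with the URL repeated as `name`, while the CVE-2013-3568 section of the same commit uses the dedicated `BID` and `EXPLOIT-DB` sources with numeric ids. Consumers that filter on `refsource`, for example to prioritise records that have a public exploit entry, will not pick these up. Using `"refsource": "BID", "name": "63454"` and `"refsource": "EXPLOIT-DB", "name": "29319"` would keep the set consistent. The same applies to the CVE-2013-3628 and CVE-2013-3629 sections, and to the BID and X-Force links in CVE-2013-3636.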
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Command Execution Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", + "refsource": "MISC", + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats" + }, + { + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one", + "refsource": "MISC", + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one" + }, + { + "url": "http://www.securityfocus.com/bid/63453", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/63453" + }, + { + "url": "http://www.exploit-db.com/exploits/29321", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/29321" } ] } diff --git a/2013/3xxx/CVE-2013-3629.json b/2013/3xxx/CVE-2013-3629.json index eff42843436..31c0027b47e 100644 --- a/2013/3xxx/CVE-2013-3629.json +++ b/2013/3xxx/CVE-2013-3629.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-3629", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ISPConfig", + "product": { + "product_data": [ + { + "product_name": "ISPConfig", + "version": { + "version_data": [ + { + "version_value": "3.0.5.2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PHP Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", + "refsource": "MISC", + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats" + }, + { + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one", + "refsource": "MISC", + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one" + }, + { + "url": "http://www.securityfocus.com/bid/63455", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/63455" + }, + { + "url": "http://www.exploit-db.com/exploits/29322", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/29322" } ] } diff --git a/2013/3xxx/CVE-2013-3635.json b/2013/3xxx/CVE-2013-3635.json index c2294b3c9b3..a0b4c096751 100644 --- a/2013/3xxx/CVE-2013-3635.json +++ b/2013/3xxx/CVE-2013-3635.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3635", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ProjectPier 0.8.8 has stored XSS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html" } ] } diff --git a/2013/3xxx/CVE-2013-3636.json b/2013/3xxx/CVE-2013-3636.json index 3621e96d19c..c08be98d5c0 100644 --- a/2013/3xxx/CVE-2013-3636.json +++ b/2013/3xxx/CVE-2013-3636.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3636", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html" + }, + { + "url": "http://www.securityfocus.com/bid/60739", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60739" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85609", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85609" } ] } diff --git a/2013/3xxx/CVE-2013-3637.json b/2013/3xxx/CVE-2013-3637.json index 59e93c47f04..021c902bb14 100644 --- a/2013/3xxx/CVE-2013-3637.json +++ b/2013/3xxx/CVE-2013-3637.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3637", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ProjectPier 0.8.8 does not use the Secure flag for cookies" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html" } ] } diff --git a/2013/3xxx/CVE-2013-3638.json b/2013/3xxx/CVE-2013-3638.json index 3dde0c7e486..dbc4ba85fea 100644 --- a/2013/3xxx/CVE-2013-3638.json +++ b/2013/3xxx/CVE-2013-3638.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3638", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BID",
+ "name": "60511",
+ "url": "http://www.securityfocus.com/bid/60511"
+ },
+ {
+ "refsource": "XF",
+ "name": "84928",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84928"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3684.json b/2013/3xxx/CVE-2013-3684.json
index e8c9f7a71d9..87a666a901d 100644
--- a/2013/3xxx/CVE-2013-3684.json
+++ b/2013/3xxx/CVE-2013-3684.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-3684",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85012",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85012"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85011",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85011"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3685.json b/2013/3xxx/CVE-2013-3685.json
index 5d2af45c9ba..4518c86e682 100644
--- a/2013/3xxx/CVE-2013-3685.json
+++ b/2013/3xxx/CVE-2013-3685.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-3685",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/60749",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/60749"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85296",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85296"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2013/Jun/196",
+ "url": "https://seclists.org/fulldisclosure/2013/Jun/196"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://androidvulnerabilities.org/all",
+ "url": "https://androidvulnerabilities.org/all"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3725.json b/2013/3xxx/CVE-2013-3725.json
index 1851070292a..9406ae22841 100644
--- a/2013/3xxx/CVE-2013-3725.json
+++ b/2013/3xxx/CVE-2013-3725.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-3725",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.john-jean.com/blog/securite-informatique/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution-742",
+ "refsource": "MISC",
+ "name": "http://www.john-jean.com/blog/securite-informatique/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution-742"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3942.json b/2013/3xxx/CVE-2013-3942.json
index 5f1abb0a539..43e0a95a696 100644
--- a/2013/3xxx/CVE-2013-3942.json
+++ b/2013/3xxx/CVE-2013-3942.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
 "ID": "CVE-2013-3942",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Daum",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Potplayer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to 1.5.39659"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "untrusted search path"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/64023",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/64023"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89352",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89352"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4090.json b/2013/4xxx/CVE-2013-4090.json
index d6bd372e4ea..b884e921610 100644
--- a/2013/4xxx/CVE-2013-4090.json
+++ b/2013/4xxx/CVE-2013-4090.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4090",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Varnish HTTP cache before 3.0.4: ACL bug"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html",
+ "refsource": "MISC",
+ "name": "https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4166.json b/2013/4xxx/CVE-2013-4166.json
index 2ec608dc4f5..72e29a94ec0 100644
--- a/2013/4xxx/CVE-2013-4166.json
+++ b/2013/4xxx/CVE-2013-4166.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4166",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,81 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GNOME",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Evolution",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.8.4 and earlier"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Evolution Data Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.9.5 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5",
+ "url": "https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d",
+ "url": "https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/oss-sec/2013/q3/191",
+ "url": "http://seclists.org/oss-sec/2013/q3/191"
+ },
+ {
+ "refsource": "MISC",
+ "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=973728",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973728"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-1540.html",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1540.html"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4211.json b/2013/4xxx/CVE-2013-4211.json
index 7a168ad599e..a584f0b5b57 100644
--- a/2013/4xxx/CVE-2013-4211.json
+++ b/2013/4xxx/CVE-2013-4211.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4211",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenX",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ad Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.8.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "backdoor"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/61650",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/61650"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/27529",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/27529"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/07/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-4211",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4225.json b/2013/4xxx/CVE-2013-4225.json
index a53c6608206..e2d974e925f 100644
--- a/2013/4xxx/CVE-2013-4225.json
+++ b/2013/4xxx/CVE-2013-4225.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4225",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,69 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the \"access resource node\" and \"create page content\" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Permissions"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "RESTful Web Services",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RESTful Web Services",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.x-1.x before 7.x-1.4"
+ },
+ {
+ "version_value": "7.x-2.x before 7.x-2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/2059603",
+ "url": "https://drupal.org/node/2059603"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/2059591",
+ "url": "https://drupal.org/node/2059591"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/2059593",
+ "url": "https://drupal.org/node/2059593"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4267.json b/2013/4xxx/CVE-2013-4267.json
index b65624aec57..86e4bc6e82f 100644
--- a/2013/4xxx/CVE-2013-4267.json
+++ b/2013/4xxx/CVE-2013-4267.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4267",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Metacharacters"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ajaxeplorer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 5.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/21/16",
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/21/16"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pydio/pydio-core/commit/22a62840e5ac14bb389",
+ "url": "https://github.com/pydio/pydio-core/commit/22a62840e5ac14bb389"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/plugins/nessus/70495",
+ "url": "https://www.tenable.com/plugins/nessus/70495"
 }
 ]
 }
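Review bot: The `problemtype` value `"Metacharacters"` in the second CVE-2013-4267 hunk names the input rather than the weakness; the description is of command execution through shell metacharacters in three parameters, so `"value": "OS Command Injection"` (CWE-78) would classify the record in a way consumers can filter on. The product is spelled `Ajaxeplorer` in both the description and `product_name`, which looks like a misspelling of AjaXplorer given that the fix reference points at pydio-core; if so, a product-name match will miss this record. `vendor_name` is also left as `n/a`.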
diff --git a/2013/4xxx/CVE-2013-4268.json b/2013/4xxx/CVE-2013-4268.json
index e9dae78067b..e7b24e2d189 100644
--- a/2013/4xxx/CVE-2013-4268.json
+++ b/2013/4xxx/CVE-2013-4268.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2013-4268",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-4268",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4267. Reason: This issue was MERGED into CVE-2013-4267 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-4267 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4269.json b/2013/4xxx/CVE-2013-4269.json
index 6e4a1bff4ae..f540e8bbbbf 100644
--- a/2013/4xxx/CVE-2013-4269.json
+++ b/2013/4xxx/CVE-2013-4269.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2013-4269",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-4269",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4267. Reason: This issue was MERGED into CVE-2013-4267 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-4267 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4286.json b/2013/4xxx/CVE-2013-4286.json
index fe5b6eb520d..f12c1a3fa03 100644
--- a/2013/4xxx/CVE-2013-4286.json
+++ b/2013/4xxx/CVE-2013-4286.json
@@ -271,6 +271,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4322.json b/2013/4xxx/CVE-2013-4322.json
index 2ca08d5a873..fcfcb11eb26 100644
--- a/2013/4xxx/CVE-2013-4322.json
+++ b/2013/4xxx/CVE-2013-4322.json
@@ -251,6 +251,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4334.json b/2013/4xxx/CVE-2013-4334.json
index 361ed9bd782..9b5c72c8fa4 100644
--- a/2013/4xxx/CVE-2013-4334.json
+++ b/2013/4xxx/CVE-2013-4334.json
@@ -1,8 +1,43 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4334",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "opWebAPIPlugin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "opWebAPIPlugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.5.1"
+ },
+ {
+ "version_value": "0.4.0"
+ },
+ {
+ "version_value": "0.1.0 (Fixed: 0.5.1.1"
+ },
+ {
+ "version_value": "0.4.0.1"
+ },
+ {
+ "version_value": "0.1.0.1)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
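Review bot: The `version_data` list in the CVE-2013-4334 `affects` hunk looks like a comma-split of a single sentence: it contains `"0.1.0 (Fixed: 0.5.1.1"`, `"0.4.0.1"` and `"0.1.0.1)"`, so the fixed releases 0.5.1.1, 0.4.0.1 and 0.1.0.1 are recorded as affected versions and two entries carry stray parenthesis text. A consumer reading `version_value` would flag patched installs as vulnerable. The description in the next hunk lists only 0.5.1, 0.4.0 and 0.1.0, so the list should hold those three values, with the fixed versions stated in the description instead. The CVE-2013-4335 `affects` hunk has the same defect (`"1.2.6 (Fixed: 0.8.2.2"` through `"1.2.6.1)"`), and its `"> 0.9.9.2"` entry reads as a range whose direction should be checked against the advisory.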
@@ -11,7 +46,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XXE"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openpne.jp/archives/12091/",
+ "url": "http://www.openpne.jp/archives/12091/"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4335.json b/2013/4xxx/CVE-2013-4335.json
index d544015b592..5afa184a269 100644
--- a/2013/4xxx/CVE-2013-4335.json
+++ b/2013/4xxx/CVE-2013-4335.json
@@ -1,8 +1,49 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4335",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "opOpenSocialPlugin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "opOpenSocialPlugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.8.2.1"
+ },
+ {
+ "version_value": "> 0.9.9.2"
+ },
+ {
+ "version_value": "0.9.13"
+ },
+ {
+ "version_value": "1.2.6 (Fixed: 0.8.2.2"
+ },
+ {
+ "version_value": "0.9.9.3"
+ },
+ {
+ "version_value": "0.9.13.1"
+ },
+ {
+ "version_value": "1.2.6.1)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +52,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XXE"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/62287",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/62287"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4395.json b/2013/4xxx/CVE-2013-4395.json
index 7f504edcb2e..4b52dddc48b 100644
--- a/2013/4xxx/CVE-2013-4395.json
+++ b/2013/4xxx/CVE-2013-4395.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4395",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SMF",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SMF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Simple Machines Forum (SMF) through 2.0.5 has XSS"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/01/8",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/01/8"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/02/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/02/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/02/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/02/3"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4448.json b/2013/4xxx/CVE-2013-4448.json
index ace34072575..43314204ce4 100644
--- a/2013/4xxx/CVE-2013-4448.json
+++ b/2013/4xxx/CVE-2013-4448.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4448",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "echoping",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "echoping",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 6.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "echoping through 6.0.2 has buffer overflow vulnerabilities"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/19/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/19/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/21/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/21/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/21/9",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/21/9"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4521.json b/2013/4xxx/CVE-2013-4521.json
index 9e74c8e6dc2..97f1896a02b 100644
--- a/2013/4xxx/CVE-2013-4521.json
+++ b/2013/4xxx/CVE-2013-4521.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4521",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,64 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Nuxeo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nuxeo Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.6.0 before HF27"
+ },
+ {
+ "version_value": "5.8.0 before HF-01"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027052",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027052"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes",
+ "url": "http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec",
+ "url": "https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4535.json b/2013/4xxx/CVE-2013-4535.json
index a9bd8d8674d..b1cb5d93b89 100644
--- a/2013/4xxx/CVE-2013-4535.json
+++ b/2013/4xxx/CVE-2013-4535.json
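Review bot: `problemtype` is set to `"Other"` in the CVE-2013-4521 hunk, while the description states the concrete weakness: the RichFaces implementation does not restrict the classes for which deserialization methods can be called. `"value": "Deserialization of Untrusted Data"` (CWE-502) would keep the record findable by weakness class. The description's note that this may overlap CVE-2013-2165 is not reflected anywhere in `reference_data`, so a reader triaging from the structured fields will not see the relationship.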
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4535",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,76 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Integer Signedness Error"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QEMU",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.7.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html",
+ "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4",
+ "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4572.json b/2013/4xxx/CVE-2013-4572.json
index 639b9bf39a5..2628fa7b3e9 100644
--- a/2013/4xxx/CVE-2013-4572.json
+++ b/2013/4xxx/CVE-2013-4572.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4572",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
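Review bot: The description added for CVE-2013-4535 says the flaw lets attackers "execute arbitrary files", which does not fit the rest of the record. The `problemtype` is "Integer Signedness Error" in `virtqueue_map_sg`, a memory-safety class whose stated impact is normally code execution, so the intended wording is probably `execute arbitrary code`; this should be checked against the linked Red Hat bug before it is changed. The `affects` block also names the product as "QEMU" but leaves `"vendor_name": "n/a"`, which weakens vendor-based matching.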
@@ -11,7 +11,72 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Wikimedia Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MediaWiki",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.19.9"
+ },
+ {
+ "version_value": "1.20.x before 1.20.8"
+ },
+ {
+ "version_value": "1.21.x before 1.21.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032",
+ "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html",
+ "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4590.json b/2013/4xxx/CVE-2013-4590.json
index ae26654e06b..bdcf8541bc8 100644
--- a/2013/4xxx/CVE-2013-4590.json
+++ b/2013/4xxx/CVE-2013-4590.json
@@ -201,6 +201,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4602.json b/2013/4xxx/CVE-2013-4602.json
index 408906abd0d..e63e08f1b6e 100644
--- a/2013/4xxx/CVE-2013-4602.json
+++ b/2013/4xxx/CVE-2013-4602.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4602",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
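Review bot: The `affects` block added for CVE-2013-4602 sets `product_name`, `version_value` and `vendor_name` to "n/a", while the description added in the record's next hunk names both the product and the fixed version (Avira AntiVir Engine before 8.2.12.58). Tooling that matches an asset inventory against the structured `affects` fields rather than the free-text description will not associate this record with the product. Where the description states them, the fields could be filled in, for example `"vendor_name": "Avira"`, `"product_name": "AntiVir Engine"` and `"version_value": "before 8.2.12.58"`. The same n/a block is added to the other MITRE-assigned records published further down in this diff (among them CVE-2013-4791, CVE-2013-5212, CVE-2013-5945, CVE-2013-6236 and CVE-2013-7051), several of which also give exact versions in the description.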
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/60552",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/60552"
+ },
+ {
+ "url": "http://www.securitytracker.com/id/1028666",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1028666"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85099",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85099"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.9151",
+ "url": "https://vuldb.com/?id.9151"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/122024/Avira-AntiVir-Engine-Denial-Of-Service-Filter-Evasion.html",
+ "url": "https://packetstormsecurity.com/files/122024/Avira-AntiVir-Engine-Denial-Of-Service-Filter-Evasion.html"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4791.json b/2013/4xxx/CVE-2013-4791.json
index ecc3a08c2ac..f08761515cf 100644
--- a/2013/4xxx/CVE-2013-4791.json
+++ b/2013/4xxx/CVE-2013-4791.json
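Review bot: The references added for CVE-2013-4602 tag the SecurityFocus BID and IBM X-Force links as `"refsource": "MISC"` with the URL repeated as `name`, whereas other records in this same diff use the dedicated sources for the same sites: CVE-2013-6927 has `"refsource": "BID", "name": "64192"`, and CVE-2013-5212 and CVE-2013-5687 use `"refsource": "XF"`. Mixed tagging makes it harder to deduplicate or filter references by source. Using `"refsource": "BID", "name": "60552"` and `"refsource": "XF", "name": "85099"` here would match those records. The same applies to the BID and X-Force links added for CVE-2013-6022, CVE-2013-6236, CVE-2013-6681, CVE-2013-7051 and CVE-2013-7052.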
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4791",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html",
+ "url": "http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4792.json b/2013/4xxx/CVE-2013-4792.json
index 8be3398d731..8ce311453e6 100644
--- a/2013/4xxx/CVE-2013-4792.json
+++ b/2013/4xxx/CVE-2013-4792.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4792",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PrestaShop before 1.4.11 allows logout CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html",
+ "url": "http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5106.json b/2013/5xxx/CVE-2013-5106.json
index 43b84433bf1..3e99f9dfc96 100644
--- a/2013/5xxx/CVE-2013-5106.json
+++ b/2013/5xxx/CVE-2013-5106.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-5106",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://github.com/klen/python-mode/issues/162",
+ "refsource": "MISC",
+ "name": "http://github.com/klen/python-mode/issues/162"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5212.json b/2013/5xxx/CVE-2013-5212.json
index 12c41d7a04b..2c8561945c0 100644
--- a/2013/5xxx/CVE-2013-5212.json
+++ b/2013/5xxx/CVE-2013-5212.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-5212",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2013/Oct/224",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2013/Oct/224"
+ },
+ {
+ "refsource": "XF",
+ "name": "88293",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88293"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5582.json b/2013/5xxx/CVE-2013-5582.json
index c710bb0749e..169a6a66ccf 100644
--- a/2013/5xxx/CVE-2013-5582.json
+++ b/2013/5xxx/CVE-2013-5582.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-5582",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/530827",
+ "url": "http://www.securityfocus.com/archive/1/530827"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5687.json b/2013/5xxx/CVE-2013-5687.json
index 3ea31fde422..08049e053ba 100644
--- a/2013/5xxx/CVE-2013-5687.json
+++ b/2013/5xxx/CVE-2013-5687.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-5687",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "XF",
+ "name": "89118",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89118"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5709.json b/2013/5xxx/CVE-2013-5709.json
index 25216b42f92..e9a8f5433d1 100644
--- a/2013/5xxx/CVE-2013-5709.json
+++ b/2013/5xxx/CVE-2013-5709.json
@@ -61,6 +61,11 @@
 "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01",
 "refsource": "MISC",
 "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5944.json b/2013/5xxx/CVE-2013-5944.json
index b7575a6b509..59312d5f97a 100644
--- a/2013/5xxx/CVE-2013-5944.json
+++ b/2013/5xxx/CVE-2013-5944.json
@@ -56,6 +56,11 @@
 "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf",
 "refsource": "CONFIRM",
 "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5945.json b/2013/5xxx/CVE-2013-5945.json
index 53cc65be024..bd2f1701e91 100644
--- a/2013/5xxx/CVE-2013-5945.json
+++ b/2013/5xxx/CVE-2013-5945.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-5945",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
+ "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
+ "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
+ "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
+ "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/30061",
+ "url": "http://www.exploit-db.com/exploits/30061"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5988.json b/2013/5xxx/CVE-2013-5988.json
index 674cd2e2f4b..ff37ae3e489 100644
--- a/2013/5xxx/CVE-2013-5988.json
+++ b/2013/5xxx/CVE-2013-5988.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-5988",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-5988",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-5988"
+ },
+ {
+ "url": "https://www.securityfocus.com/archive/1/528962",
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/archive/1/528962"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5989.json b/2013/5xxx/CVE-2013-5989.json
index 531b8aa80dd..94fc2b81cb3 100644
--- a/2013/5xxx/CVE-2013-5989.json
+++ b/2013/5xxx/CVE-2013-5989.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2013-5989",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-5989",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4969. Reason: This candidate is a duplicate of CVE-2011-4969. Notes: All CVE users should reference CVE-2011-4969 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6022.json b/2013/6xxx/CVE-2013-6022.json
index a1deed79437..2c0a6fe3a2a 100644
--- a/2013/6xxx/CVE-2013-6022.json
+++ b/2013/6xxx/CVE-2013-6022.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "cert@cert.org",
 "ID": "CVE-2013-6022",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tiki",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2013"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Tiki"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/63463",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/63463"
+ },
+ {
+ "url": "http://www.kb.cert.org/vuls/id/450646",
+ "refsource": "MISC",
+ "name": "http://www.kb.cert.org/vuls/id/450646"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6236.json b/2013/6xxx/CVE-2013-6236.json
index 2cbcff9399e..61628ac59d2 100644
--- a/2013/6xxx/CVE-2013-6236.json
+++ b/2013/6xxx/CVE-2013-6236.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6236",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
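Review bot: The description added for CVE-2013-6022 is garbled: "via the id paraZeroClipboard.swf" appears to have lost text between "para" and "ZeroClipboard.swf" (presumably "the id parameter to ZeroClipboard.swf"), and "Tiki Wiki CMG Groupware" looks like a typo for "CMS". The record is also internally inconsistent, since the description says version 11.0 while the `affects` block in the record's preceding hunk gives `"version_value": "2013"`. It further states that the XSS lets an attacker "execute arbitrary code", where the impact of XSS is script injection in the victim's browser, which can mislead severity triage. Suggested wording, to be confirmed against the referenced CERT/CC note: `... in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote attacker inject arbitrary web script or HTML.`, together with `"version_value": "11.0"`.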
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IZON IP 2.0.2: hard-coded password vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88337",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88337"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/cve/CVE-2013-6236",
+ "url": "https://packetstormsecurity.com/files/cve/CVE-2013-6236"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/bugtraq/2013/Oct/149",
+ "url": "https://seclists.org/bugtraq/2013/Oct/149"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6277.json b/2013/6xxx/CVE-2013-6277.json
index 19a9fad4af9..e9efe77940c 100644
--- a/2013/6xxx/CVE-2013-6277.json
+++ b/2013/6xxx/CVE-2013-6277.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6277",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "QNAP VioCard 300 has hardcoded RSA private keys."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://firmware.re/usenixsec14/",
+ "refsource": "MISC",
+ "name": "http://firmware.re/usenixsec14/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://firmware.re/vulns/acsa-2013-002.php",
+ "url": "http://firmware.re/vulns/acsa-2013-002.php"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6360.json b/2013/6xxx/CVE-2013-6360.json
index 2cd5e27d16c..4ae4a26f86a 100644
--- a/2013/6xxx/CVE-2013-6360.json
+++ b/2013/6xxx/CVE-2013-6360.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6360",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TRENDnet TS-S402 has a backdoor to enable TELNET."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://firmware.re/usenixsec14/",
+ "refsource": "MISC",
+ "name": "http://firmware.re/usenixsec14/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://firmware.re/vulns/acsa-2013-014.php",
+ "url": "http://firmware.re/vulns/acsa-2013-014.php"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6362.json b/2013/6xxx/CVE-2013-6362.json
index ff473cd6288..ed051ab8135 100644
--- a/2013/6xxx/CVE-2013-6362.json
+++ b/2013/6xxx/CVE-2013-6362.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6362",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://firmware.re/usenixsec14/",
+ "refsource": "MISC",
+ "name": "http://firmware.re/usenixsec14/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://firmware.re/vulns/acsa-2013-005.php",
+ "url": "http://firmware.re/vulns/acsa-2013-005.php"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6499.json b/2013/6xxx/CVE-2013-6499.json
index 0fb46b5ed19..34f80c6eabc 100644
--- a/2013/6xxx/CVE-2013-6499.json
+++ b/2013/6xxx/CVE-2013-6499.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2013-6499",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-6499",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6681.json b/2013/6xxx/CVE-2013-6681.json
index 730191ec016..c078ea85add 100644
--- a/2013/6xxx/CVE-2013-6681.json
+++ b/2013/6xxx/CVE-2013-6681.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6681",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.securityfocus.com/bid/64039",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/64039"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89849",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89849"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6920.json b/2013/6xxx/CVE-2013-6920.json
index 4ded16a5b0c..bda478538cc 100644
--- a/2013/6xxx/CVE-2013-6920.json
+++ b/2013/6xxx/CVE-2013-6920.json
@@ -61,6 +61,11 @@
 "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf",
 "refsource": "CONFIRM",
 "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6927.json b/2013/6xxx/CVE-2013-6927.json
index c569d176af3..99468f4b94b 100644
--- a/2013/6xxx/CVE-2013-6927.json
+++ b/2013/6xxx/CVE-2013-6927.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-6927",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BID",
+ "name": "64192",
+ "url": "http://www.securityfocus.com/bid/64192"
+ },
+ {
+ "refsource": "XF",
+ "name": "90077",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90077"
 }
 ]
 }
diff --git a/2013/7xxx/CVE-2013-7051.json b/2013/7xxx/CVE-2013-7051.json
index 6f33bd32fe1..2e6650456c4 100644
--- a/2013/7xxx/CVE-2013-7051.json
+++ b/2013/7xxx/CVE-2013-7051.json
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7051", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt", + "refsource": "MISC", + "name": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt" + }, + { + "url": "http://www.exploit-db.com/exploits/31425", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/31425" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90904", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90904" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/65290", + "url": "https://www.securityfocus.com/bid/65290" } ] } diff --git a/2013/7xxx/CVE-2013-7052.json b/2013/7xxx/CVE-2013-7052.json index 28aa9eda0d0..fb487d46622 100644 --- a/2013/7xxx/CVE-2013-7052.json +++ b/2013/7xxx/CVE-2013-7052.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7052", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt", + "refsource": "MISC", + "name": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90902", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90902" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/65290", + "url": "https://www.securityfocus.com/bid/65290" } ] } diff --git a/2013/7xxx/CVE-2013-7053.json b/2013/7xxx/CVE-2013-7053.json index 394a6b2459a..5dd71bd403a 100644 --- a/2013/7xxx/CVE-2013-7053.json +++ b/2013/7xxx/CVE-2013-7053.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7053", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR-100 4.03B07: cli.cgi CSRF" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt", + "refsource": "MISC", + "name": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90905", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90905" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/65290/info", + "url": "https://www.securityfocus.com/bid/65290/info" } ] } diff --git a/2013/7xxx/CVE-2013-7054.json b/2013/7xxx/CVE-2013-7054.json index b7d4b45d955..b475689ea85 100644 --- a/2013/7xxx/CVE-2013-7054.json +++ b/2013/7xxx/CVE-2013-7054.json 
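Review bot: The `problemtype` value added for CVE-2013-7053 is `n/a` even though the description in the same hunk names the weakness class (`cli.cgi CSRF`), so the record cannot be filtered by weakness type. A value such as `"value": "Cross-Site Request Forgery (CSRF)"` would carry that; the CVE-2013-7054 hunk has the same gap for `cli.cgi XSS`. The SecurityFocus reference is also written as `/bid/65290/info` in CVE-2013-7053 to 7055 but as `/bid/65290` in CVE-2013-7051 and 7052, which defeats de-duplication by URL across the five sibling records.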
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7054", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR-100 4.03B07: cli.cgi XSS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt", + "refsource": "MISC", + "name": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90906", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90906" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/65290/info", + "url": "https://www.securityfocus.com/bid/65290/info" } ] } diff --git a/2013/7xxx/CVE-2013-7055.json b/2013/7xxx/CVE-2013-7055.json index a507bae721d..6d04662b766 100644 --- a/2013/7xxx/CVE-2013-7055.json +++ b/2013/7xxx/CVE-2013-7055.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7055", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR-100 4.03B07 has PPTP and poe information disclosure" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt", + "refsource": "MISC", + "name": "http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90903", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90903" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/65290/info", + "url": "https://www.securityfocus.com/bid/65290/info" } ] } diff --git a/2013/7xxx/CVE-2013-7098.json b/2013/7xxx/CVE-2013-7098.json index 50cf97a87a7..36f7707e7a3 100644 --- a/2013/7xxx/CVE-2013-7098.json +++ b/2013/7xxx/CVE-2013-7098.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7098", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.infradead.org/openconnect/changelog.html", + "url": "http://www.infradead.org/openconnect/changelog.html" } ] } diff --git a/2013/7xxx/CVE-2013-7173.json b/2013/7xxx/CVE-2013-7173.json index 6f3e231180c..c7344511779 100644 --- a/2013/7xxx/CVE-2013-7173.json +++ b/2013/7xxx/CVE-2013-7173.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7173", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Belkin n750 routers have a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=RG1k8S3VHnQ", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=RG1k8S3VHnQ" + }, + { + "refsource": "MISC", + "name": "https://pixels.camp/marcovazpt", + "url": "https://pixels.camp/marcovazpt" } ] } diff --git a/2013/7xxx/CVE-2013-7286.json b/2013/7xxx/CVE-2013-7286.json index baeac80c97a..0c69ebde33b 100644 --- a/2013/7xxx/CVE-2013-7286.json +++ b/2013/7xxx/CVE-2013-7286.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7286", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://seclists.org/fulldisclosure/2014/Apr/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Apr/21" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92352", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92352" } ] } diff --git a/2013/7xxx/CVE-2013-7287.json b/2013/7xxx/CVE-2013-7287.json index 6886d519910..58a751daac4 100644 --- a/2013/7xxx/CVE-2013-7287.json +++ b/2013/7xxx/CVE-2013-7287.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7287", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://seclists.org/fulldisclosure/2014/Apr/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Apr/21" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/archive/1/531713", + "url": "https://www.securityfocus.com/archive/1/531713" } ] } diff --git a/2013/7xxx/CVE-2013-7378.json b/2013/7xxx/CVE-2013-7378.json index 6a18cd25293..96cf9db1881 100644 --- a/2013/7xxx/CVE-2013-7378.json +++ b/2013/7xxx/CVE-2013-7378.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7378", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/13/1", + "url": "http://www.openwall.com/lists/oss-security/2014/05/13/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/15/2", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/2" + }, + { + "refsource": "MISC", + "name": "https://github.com/github/hubot-scripts/commit/feee5abdb038a229a98969ae443cdb8a61747782", + "url": "https://github.com/github/hubot-scripts/commit/feee5abdb038a229a98969ae443cdb8a61747782" + }, + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20140731222413/https://nodesecurity.io/advisories/Hubot_Potential_command_injection_in_email.coffee", + "url": "https://web.archive.org/web/20140731222413/https://nodesecurity.io/advisories/Hubot_Potential_command_injection_in_email.coffee" } ] } diff --git a/2013/7xxx/CVE-2013-7381.json b/2013/7xxx/CVE-2013-7381.json index 7fc34b51e3a..f78e4d631f2 100644 --- a/2013/7xxx/CVE-2013-7381.json +++ b/2013/7xxx/CVE-2013-7381.json 
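Review bot: The GitHub commit reference added for CVE-2013-7378 is tagged `"refsource": "MISC"`, while the equivalent commit link in the CVE-2013-7381 hunk that follows is tagged `CONFIRM`. If this commit is the upstream fix, which its target repository suggests but the hunk does not state, it should read `"refsource": "CONFIRM"` so consumers can tell an acknowledged fix from third-party commentary. The description also says remote attackers can execute arbitrary commands without naming the input that reaches the command, unlike the CVE-2013-7381 text, which names the `libnotify.notify` call.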
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7381", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify", + "url": "https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/13/1", + "url": "http://www.openwall.com/lists/oss-security/2014/05/13/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/15/2", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/2" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/mytrile/node-libnotify/commit/dfe7801d73a0dda10663a0ff3d0ec8b4d5f0d448", + "url": "https://github.com/mytrile/node-libnotify/commit/dfe7801d73a0dda10663a0ff3d0ec8b4d5f0d448" } ] } diff --git a/2014/0xxx/CVE-2014-0033.json b/2014/0xxx/CVE-2014-0033.json index cdb494b51e1..11c13439082 100644 
--- a/2014/0xxx/CVE-2014-0033.json +++ b/2014/0xxx/CVE-2014-0033.json @@ -161,6 +161,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0075.json b/2014/0xxx/CVE-2014-0075.json index 8ee95bd7a79..35c3192d0cf 100644 --- a/2014/0xxx/CVE-2014-0075.json +++ b/2014/0xxx/CVE-2014-0075.json @@ -286,6 +286,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0096.json b/2014/0xxx/CVE-2014-0096.json index 630bfb0cab5..050dda7df56 100644 --- a/2014/0xxx/CVE-2014-0096.json +++ b/2014/0xxx/CVE-2014-0096.json 
@@ -291,6 +291,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0099.json b/2014/0xxx/CVE-2014-0099.json index e045674c8e6..c79ba60d20f 100644 --- a/2014/0xxx/CVE-2014-0099.json +++ b/2014/0xxx/CVE-2014-0099.json @@ -296,6 +296,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0119.json b/2014/0xxx/CVE-2014-0119.json index 256a2166995..50d320d97f6 100644 --- a/2014/0xxx/CVE-2014-0119.json +++ b/2014/0xxx/CVE-2014-0119.json 
@@ -301,6 +301,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0160.json b/2014/0xxx/CVE-2014-0160.json index 5adb4410ee1..13fec472d8b 100644 --- a/2014/0xxx/CVE-2014-0160.json +++ b/2014/0xxx/CVE-2014-0160.json @@ -681,6 +681,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0198.json b/2014/0xxx/CVE-2014-0198.json index a3df1420698..0fb44c8443e 100644 --- a/2014/0xxx/CVE-2014-0198.json +++ b/2014/0xxx/CVE-2014-0198.json 
@@ -606,6 +606,11 @@ "name": "60049", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60049" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf" } ] } diff --git a/2014/0xxx/CVE-2014-0224.json b/2014/0xxx/CVE-2014-0224.json index 168a4c573f1..01458bb4294 100644 --- a/2014/0xxx/CVE-2014-0224.json +++ b/2014/0xxx/CVE-2014-0224.json @@ -1566,6 +1566,11 @@ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf" } ] } diff --git a/2014/0xxx/CVE-2014-0227.json b/2014/0xxx/CVE-2014-0227.json index 0030867c523..25c0ce8aba2 100644 --- a/2014/0xxx/CVE-2014-0227.json +++ b/2014/0xxx/CVE-2014-0227.json @@ -226,6 +226,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0230.json b/2014/0xxx/CVE-2014-0230.json index dc07b7f0a42..25e62059be7 100644 --- a/2014/0xxx/CVE-2014-0230.json 
+++ b/2014/0xxx/CVE-2014-0230.json @@ -236,6 +236,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0234.json b/2014/0xxx/CVE-2014-0234.json index 8da12dc3e94..700e752cdb0 100644 --- a/2014/0xxx/CVE-2014-0234.json +++ b/2014/0xxx/CVE-2014-0234.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0234", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Password" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenShift Enterprise", + "version": { + "version_data": [ + { + "version_value": "2.x before 2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/openshift/openshift-extras/blob/master/README.md", + "url": "https://github.com/openshift/openshift-extras/blob/master/README.md" + }, + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2014/06/05/19", + "url": "http://openwall.com/lists/oss-security/2014/06/05/19" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1097008" + }, + { + "refsource": "MISC", + "name": "https://rhn.redhat.com/errata/RHSA-2014-0487.html", + "url": "https://rhn.redhat.com/errata/RHSA-2014-0487.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/67657", + "url": "http://www.securityfocus.com/bid/67657" } ] } 
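Review bot: `vendor_name` is `n/a` in the `affects` block of CVE-2014-0234 although `product_name` is `Red Hat OpenShift Enterprise` and the first hunk sets the assigner to `secalert@redhat.com`; `"vendor_name": "Red Hat"` would match the rest of the record. The `problemtype` value `Password` does not describe a weakness, and something like `"value": "Default password in shipped configuration"` reflects what the description says. The Bugzilla and RHSA links are tagged `MISC`; they look like vendor sources, so `CONFIRM` may be the intended `refsource`, to be checked against the tagging convention this repository uses.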
diff --git a/2014/10xxx/CVE-2014-10399.json b/2014/10xxx/CVE-2014-10399.json new file mode 100644 index 00000000000..2519159a8e6 --- /dev/null +++ b/2014/10xxx/CVE-2014-10399.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-10399", + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Apr/318", + "url": "http://seclists.org/fulldisclosure/2014/Apr/318" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", + "url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875." + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10400.json b/2014/10xxx/CVE-2014-10400.json new file mode 100644 index 00000000000..466c801c967 --- /dev/null +++ b/2014/10xxx/CVE-2014-10400.json 
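Review bot: The new CVE-2014-10399.json ends without a trailing newline (the `\ No newline at end of file` marker), and CVE-2014-10400.json in the next hunk does the same; ending both with a newline keeps later appends from showing the closing `}` as a changed line. Both files also list the same three references, and each description says the issue was split from CVE-2014-2875. A reader therefore has only the description to tell which behaviour each record covers: the same ID for each session in 5.1.x, or sequential IDs in 5.0.x.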
@@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-10400", + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Apr/318", + "url": "http://seclists.org/fulldisclosure/2014/Apr/318" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", + "url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1617.json b/2014/1xxx/CVE-2014-1617.json index 79246698377..9b76a0202a0 100644 --- a/2014/1xxx/CVE-2014-1617.json +++ b/2014/1xxx/CVE-2014-1617.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1617", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/cve/CVE-2014-1617", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2014-1617" + }, + { + "refsource": "MISC", + "name": "http://fortiguardcenter.com/encyclopedia/ips/38068", + "url": "http://fortiguardcenter.com/encyclopedia/ips/38068" } ] } diff --git a/2014/1xxx/CVE-2014-1958.json b/2014/1xxx/CVE-2014-1958.json index 8dd25ee563e..d1285501585 100644 --- a/2014/1xxx/CVE-2014-1958.json +++ b/2014/1xxx/CVE-2014-1958.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1958", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://trac.imagemagick.org/changeset/14801", + "url": "http://trac.imagemagick.org/changeset/14801" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/13/2", + "url": "http://www.openwall.com/lists/oss-security/2014/02/13/2" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/13/5", + "url": "http://www.openwall.com/lists/oss-security/2014/02/13/5" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html" + }, + { + "refsource": "CONFIRM", + "name": "http://ubuntu.com/usn/usn-2132-1", + "url": "http://ubuntu.com/usn/usn-2132-1" + }, + { + "refsource": "MISC", + 
"name": "https://www.openwall.com/lists/oss-security/2014/02/19/13", + "url": "https://www.openwall.com/lists/oss-security/2014/02/19/13" } ] } diff --git a/2014/2xxx/CVE-2014-2030.json b/2014/2xxx/CVE-2014-2030.json index c6f088cb396..8da05485bf6 100644 --- a/2014/2xxx/CVE-2014-2030.json +++ b/2014/2xxx/CVE-2014-2030.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2030", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,86 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/12/2", + "url": "http://www.openwall.com/lists/oss-security/2014/02/12/2" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/13/5", + "url": "http://www.openwall.com/lists/oss-security/2014/02/13/5" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/19/13", + "url": "http://www.openwall.com/lists/oss-security/2014/02/19/13" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064098" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": 
"http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html" + }, + { + "refsource": "CONFIRM", + "name": "http://ubuntu.com/usn/usn-2132-1", + "url": "http://ubuntu.com/usn/usn-2132-1" + }, + { + "refsource": "CONFIRM", + "name": "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736", + "url": "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736" } ] } diff --git a/2014/2xxx/CVE-2014-2052.json b/2014/2xxx/CVE-2014-2052.json index 0121153c4fa..26690841542 100644 --- a/2014/2xxx/CVE-2014-2052.json +++ b/2014/2xxx/CVE-2014-2052.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2052", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/" + }, + { + "refsource": "CONFIRM", + "name": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/", + "url": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/66222", + "url": "https://www.securityfocus.com/bid/66222" } ] } diff --git a/2014/2xxx/CVE-2014-2225.json b/2014/2xxx/CVE-2014-2225.json index 5a03be01518..599a8147102 100644 --- a/2014/2xxx/CVE-2014-2225.json +++ b/2014/2xxx/CVE-2014-2225.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2225", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html", + "url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Jul/126", + "url": "http://seclists.org/fulldisclosure/2014/Jul/126" } ] } 
diff --git a/2014/2xxx/CVE-2014-2246.json b/2014/2xxx/CVE-2014-2246.json index 4ba4565ae00..67aef47e7cc 100644 --- a/2014/2xxx/CVE-2014-2246.json +++ b/2014/2xxx/CVE-2014-2246.json @@ -66,6 +66,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2247.json b/2014/2xxx/CVE-2014-2247.json index 739c5b13cff..373fdda6fe2 100644 --- a/2014/2xxx/CVE-2014-2247.json +++ b/2014/2xxx/CVE-2014-2247.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2248.json b/2014/2xxx/CVE-2014-2248.json index 715f1cf0de2..471a25fc93e 100644 --- a/2014/2xxx/CVE-2014-2248.json +++ b/2014/2xxx/CVE-2014-2248.json @@ -66,6 +66,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2249.json b/2014/2xxx/CVE-2014-2249.json index 39acc42cf33..66ba3e6fa6f 100644 --- a/2014/2xxx/CVE-2014-2249.json +++ b/2014/2xxx/CVE-2014-2249.json 
@@ -71,6 +71,16 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2250.json b/2014/2xxx/CVE-2014-2250.json index d5af95ed02f..f8ed72ca26b 100644 --- a/2014/2xxx/CVE-2014-2250.json +++ b/2014/2xxx/CVE-2014-2250.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2251.json b/2014/2xxx/CVE-2014-2251.json index 5c61ad48570..f244bb2a2b6 100644 --- a/2014/2xxx/CVE-2014-2251.json +++ b/2014/2xxx/CVE-2014-2251.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2252.json b/2014/2xxx/CVE-2014-2252.json index 3f03476af5b..4627adc7ed1 100644 --- a/2014/2xxx/CVE-2014-2252.json +++ b/2014/2xxx/CVE-2014-2252.json 
@@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2253.json b/2014/2xxx/CVE-2014-2253.json index 5f0d869d2ff..454907ef9be 100644 --- a/2014/2xxx/CVE-2014-2253.json +++ b/2014/2xxx/CVE-2014-2253.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2254.json b/2014/2xxx/CVE-2014-2254.json index b63d2003b1e..291d5481101 100644 --- a/2014/2xxx/CVE-2014-2254.json +++ b/2014/2xxx/CVE-2014-2254.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2255.json b/2014/2xxx/CVE-2014-2255.json index 4a74def8af1..2ea917d73fb 100644 --- a/2014/2xxx/CVE-2014-2255.json +++ b/2014/2xxx/CVE-2014-2255.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } 
diff --git a/2014/2xxx/CVE-2014-2256.json b/2014/2xxx/CVE-2014-2256.json index 0f6e1a5d112..019d320349a 100644 --- a/2014/2xxx/CVE-2014-2256.json +++ b/2014/2xxx/CVE-2014-2256.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2257.json b/2014/2xxx/CVE-2014-2257.json index 7ffc18240af..7b25fa33460 100644 --- a/2014/2xxx/CVE-2014-2257.json +++ b/2014/2xxx/CVE-2014-2257.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2258.json b/2014/2xxx/CVE-2014-2258.json index 3318e05afe1..4de7fe195ab 100644 --- a/2014/2xxx/CVE-2014-2258.json +++ b/2014/2xxx/CVE-2014-2258.json @@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2259.json b/2014/2xxx/CVE-2014-2259.json index 2d7676c7901..e671884e80b 100644 --- a/2014/2xxx/CVE-2014-2259.json +++ b/2014/2xxx/CVE-2014-2259.json 
@@ -61,6 +61,11 @@ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2560.json b/2014/2xxx/CVE-2014-2560.json index 908d296593a..0fe11b2f9e7 100644 --- a/2014/2xxx/CVE-2014-2560.json +++ b/2014/2xxx/CVE-2014-2560.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2560", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a \"SIP Digest Leak\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2014/Mar/185", + "url": "https://seclists.org/bugtraq/2014/Mar/185" } ] } diff --git a/2014/2xxx/CVE-2014-2595.json b/2014/2xxx/CVE-2014-2595.json index 9ed3f95b255..6f797246f72 100644 --- a/2014/2xxx/CVE-2014-2595.json 
+++ b/2014/2xxx/CVE-2014-2595.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2595", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", + "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html" + }, + { + "refsource": "MISC", + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Aug/5", + "url": "http://seclists.org/fulldisclosure/2014/Aug/5" + }, + { + "refsource": "MISC", + "name": "http://www.osvdb.org/109782", + "url": "http://www.osvdb.org/109782" + }, + { + "refsource": "MISC", + "name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", + "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/69028", + "url": "https://www.securityfocus.com/bid/69028" + }, + { + "refsource": "MISC", + 
"name": "https://www.exploit-db.com/exploits/39278", + "url": "https://www.exploit-db.com/exploits/39278" } ] } diff --git a/2014/2xxx/CVE-2014-2630.json b/2014/2xxx/CVE-2014-2630.json index efcf52db0cf..f83fb824423 100644 --- a/2014/2xxx/CVE-2014-2630.json +++ b/2014/2xxx/CVE-2014-2630.json @@ -76,6 +76,21 @@ "name": "1030702", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030702" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.html" + }, + { + "refsource": "FULLDISC", + "name": "20200207 xglance-bin exploit (CVE-2014-2630)", + "url": "http://seclists.org/fulldisclosure/2020/Feb/1" + }, + { + "refsource": "BUGTRAQ", + "name": "20200210 xglance-bin exploit (CVE-2014-2630)", + "url": "https://seclists.org/bugtraq/2020/Feb/7" } ] } diff --git a/2014/2xxx/CVE-2014-2875.json b/2014/2xxx/CVE-2014-2875.json index 2265acc8733..51265eea8ac 100644 --- a/2014/2xxx/CVE-2014-2875.json +++ b/2014/2xxx/CVE-2014-2875.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2875", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Apr/318", + "url": "http://seclists.org/fulldisclosure/2014/Apr/318" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid", + "url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid" } ] } diff --git a/2014/2xxx/CVE-2014-2908.json b/2014/2xxx/CVE-2014-2908.json index 488ca220c89..1996a20724b 100644 --- a/2014/2xxx/CVE-2014-2908.json +++ b/2014/2xxx/CVE-2014-2908.json 
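Review bot: The NOTE closing the new CVE-2014-2875 description cites `CVE-2014-10300` as one of the IDs split from this record, but the only sibling visible in this diff is CVE-2014-10400, whose own description points back to CVE-2014-2875; the first ID should be confirmed against the record actually created for the split. A wrong cross-reference in a SPLIT note may send readers tracking the CGILua session-ID issue to an unrelated entry. The three references are identical to those on CVE-2014-10400, so the version scoping (5.2 alpha 1 and 5.2 alpha 2 here, 5.0.x there) rests on the description text alone.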
@@ -66,6 +66,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2909.json b/2014/2xxx/CVE-2014-2909.json index 840d3cf08e5..146ea3cf22e 100644 --- a/2014/2xxx/CVE-2014-2909.json +++ b/2014/2xxx/CVE-2014-2909.json @@ -61,6 +61,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf" } ] } diff --git a/2014/3xxx/CVE-2014-3208.json b/2014/3xxx/CVE-2014-3208.json index f5d573a2fe9..91340b96420 100644 --- a/2014/3xxx/CVE-2014-3208.json +++ b/2014/3xxx/CVE-2014-3208.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3208", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery)," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2014/05/05/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/05/3" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/67219", + "url": "https://www.securityfocus.com/bid/67219" } ] } diff --git a/2014/3xxx/CVE-2014-3470.json b/2014/3xxx/CVE-2014-3470.json index 89e740da126..72c88ec03f2 100644 --- a/2014/3xxx/CVE-2014-3470.json +++ b/2014/3xxx/CVE-2014-3470.json @@ -801,6 +801,11 @@ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf" } ] } diff --git a/2014/3xxx/CVE-2014-3826.json b/2014/3xxx/CVE-2014-3826.json index db7c3655b7d..e1889a3999e 100644 --- a/2014/3xxx/CVE-2014-3826.json +++ b/2014/3xxx/CVE-2014-3826.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3826", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
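Review bot: The description value added in the `@@ -11,7 +34,33 @@` hunk of CVE-2014-3208.json, `"A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),"`, stops at a trailing comma, so the sentence looks truncated and says nothing about what triggers the fault or who can reach it. The text should be completed from the referenced oss-security post, or at least closed as a full sentence, before the record moves from RESERVED to PUBLIC. The `affects` block added in the preceding hunk of the same file is all `n/a` while the description names `askpop3d 0.7.7`, which could be carried into `product_name` and `version_value`.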
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://adamziaja.com/poc/201312-xss-mybb.html", + "url": "http://adamziaja.com/poc/201312-xss-mybb.html" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2014/3xxx/CVE-2014-3827.json b/2014/3xxx/CVE-2014-3827.json index 63392d4b6bf..11339718a10 100644 --- a/2014/3xxx/CVE-2014-3827.json +++ b/2014/3xxx/CVE-2014-3827.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3827", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/", + "url": "http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/" + }, + { + "refsource": "MISC", + "name": "https://adamziaja.com/poc/201312-xss-mybb.html", + "url": "https://adamziaja.com/poc/201312-xss-mybb.html" } ] } diff --git a/2014/3xxx/CVE-2014-3860.json b/2014/3xxx/CVE-2014-3860.json index a5714a67db5..e5ed3360d78 100644 --- a/2014/3xxx/CVE-2014-3860.json +++ b/2014/3xxx/CVE-2014-3860.json 
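Review bot: The new CVE-2014-3827 description names the module `user-users` for vectors (1) and (2) but `user-user` for vector (4), and one of the two spellings is presumably a typo; anyone mapping the vectors to admin-panel modules needs the exact name. The phrase `in the MyBB (aka MyBulletinBoard) before 1.8.4` also carries a stray article and would read better as `in MyBB (aka MyBulletinBoard) before 1.8.4`. The same researcher page is referenced over `https://` here and over `http://` in CVE-2014-3826.json; using the `https://` form in both keeps the references consistent.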
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3860", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html" } ] } diff --git a/2014/3xxx/CVE-2014-3893.json b/2014/3xxx/CVE-2014-3893.json index 07a3d1de1aa..3973160eb9c 100644 --- a/2014/3xxx/CVE-2014-3893.json +++ b/2014/3xxx/CVE-2014-3893.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-3893", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3893", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2014/3xxx/CVE-2014-3919.json b/2014/3xxx/CVE-2014-3919.json index 78bc07727c4..25a0da613a5 100644 --- a/2014/3xxx/CVE-2014-3919.json +++ b/2014/3xxx/CVE-2014-3919.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3919", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://softage.be/netgear/", + "refsource": "MISC", + "name": "http://softage.be/netgear/" } ] } diff --git a/2014/4xxx/CVE-2014-4170.json b/2014/4xxx/CVE-2014-4170.json index 4f1a76569b3..98cbcb597fd 100644 --- a/2014/4xxx/CVE-2014-4170.json +++ b/2014/4xxx/CVE-2014-4170.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4170", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/127701/Free-Reprintables-ArticleFR-11.06.2014-Improper-Access-Control.html" + }, + { + "url": "http://www.exploit-db.com/exploits/34245", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/34245" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95051", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95051" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/68980", + "url": "https://www.securityfocus.com/bid/68980" } ] } diff --git a/2014/4xxx/CVE-2014-4198.json b/2014/4xxx/CVE-2014-4198.json index 1edf469bc69..18dee41257d 100644 --- a/2014/4xxx/CVE-2014-4198.json +++ b/2014/4xxx/CVE-2014-4198.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4198", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt", + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt" } ] } diff --git a/2014/4xxx/CVE-2014-4607.json b/2014/4xxx/CVE-2014-4607.json index 123983ed418..fb6003fb0f4 100644 --- a/2014/4xxx/CVE-2014-4607.json +++ b/2014/4xxx/CVE-2014-4607.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4607", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", + "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html" + }, + { + "refsource": "CONFIRM", + "name": "https://web.archive.org/web/20140701023922/http://www.oberhumer.com/opensource/lzo/", + "url": "https://web.archive.org/web/20140701023922/http://www.oberhumer.com/opensource/lzo/" } ] } diff --git a/2014/4xxx/CVE-2014-4968.json b/2014/4xxx/CVE-2014-4968.json index 5654ab978c4..394edc9dc98 100644 --- a/2014/4xxx/CVE-2014-4968.json +++ b/2014/4xxx/CVE-2014-4968.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4968", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/34088/", + "url": "http://www.exploit-db.com/exploits/34088/" } ] } diff --git a/2014/5xxx/CVE-2014-5074.json b/2014/5xxx/CVE-2014-5074.json index 79b6cd25788..24abf4ebbbd 100644 --- a/2014/5xxx/CVE-2014-5074.json +++ b/2014/5xxx/CVE-2014-5074.json @@ -66,6 +66,11 @@ "name": "44693", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44693/" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf" } ] } diff --git a/2014/5xxx/CVE-2014-5083.json b/2014/5xxx/CVE-2014-5083.json index 534edcac766..a40bc1da482 100644 --- a/2014/5xxx/CVE-2014-5083.json +++ b/2014/5xxx/CVE-2014-5083.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5083", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html" } ] } diff --git a/2014/5xxx/CVE-2014-5084.json b/2014/5xxx/CVE-2014-5084.json index cb39d965189..3637c72e606 100644 --- a/2014/5xxx/CVE-2014-5084.json +++ b/2014/5xxx/CVE-2014-5084.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5084", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html" } ] } diff --git a/2014/5xxx/CVE-2014-5085.json b/2014/5xxx/CVE-2014-5085.json index f8140d9de42..73940d29a07 100644 --- a/2014/5xxx/CVE-2014-5085.json +++ b/2014/5xxx/CVE-2014-5085.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5085", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html" } ] } diff --git a/2014/5xxx/CVE-2014-5086.json b/2014/5xxx/CVE-2014-5086.json index 967ba9d0245..f32bb3f16bd 100644 --- a/2014/5xxx/CVE-2014-5086.json +++ b/2014/5xxx/CVE-2014-5086.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5086", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don\u2019t exist in Sphider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html" } ] } diff --git a/2014/5xxx/CVE-2014-5087.json b/2014/5xxx/CVE-2014-5087.json index 67fc6a07945..9ac7579f836 100644 --- a/2014/5xxx/CVE-2014-5087.json +++ b/2014/5xxx/CVE-2014-5087.json 
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5087",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://vulmon.com/searchpage?page=2&q=Shayan+S",
+ "url": "https://vulmon.com/searchpage?page=2&q=Shayan+S"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5091.json b/2014/5xxx/CVE-2014-5091.json
index 1b687df4426..24f14567ca8 100644
--- a/2014/5xxx/CVE-2014-5091.json
+++ b/2014/5xxx/CVE-2014-5091.json
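Review bot: The second reference added for CVE-2014-5087, `https://vulmon.com/searchpage?page=2&q=Shayan+S`, is page 2 of a search-results listing rather than a document about this issue. What that URL returns will shift as the index changes, so it cannot serve as durable evidence for the record. It should be dropped or replaced with a permanent advisory URL, leaving the Packet Storm entry as the reference. The Google Sheets `edit?usp=sharing` link added for CVE-2014-6262 later in this commit looks similarly fragile, since it presumably depends on the owner's sharing settings.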
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5091",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
+ },
+ {
+ "url": "http://www.exploit-db.com/exploits/34239",
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/34239"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/69008",
+ "url": "https://www.securityfocus.com/bid/69008"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5278.json b/2014/5xxx/CVE-2014-5278.json
index ab3f9b33fb2..10df4c5cb3e 100644
--- a/2014/5xxx/CVE-2014-5278.json
+++ b/2014/5xxx/CVE-2014-5278.json
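Review bot: The description added for CVE-2014-5091 reads "A vulnerability exits in Status2K 2.5"; "exits" should be "exists", i.e. the value should begin `"A vulnerability exists in Status2K 2.5 Server Monitoring Software ..."`. Text search and deduplication over published descriptions work on these strings, so the typo is worth fixing before the record propagates to downstream feeds. The CVE-2014-3919 description earlier in this commit has a similar slip ("via an embed malicious script"), which presumably means "via an embedded malicious script".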
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5278", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://groups.google.com/forum/message/raw?msg=docker-user/jyf9_mYcMI8/EIZfwe2QNzYJ", + "refsource": "MISC", + "name": "https://groups.google.com/forum/message/raw?msg=docker-user/jyf9_mYcMI8/EIZfwe2QNzYJ" + }, + { + "refsource": "MISC", + "name": "https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278", + "url": "https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278" + }, + { + "refsource": "MISC", + "name": "https://groups.google.com/forum/#!topic/docker-announce/lK6fQY6Jy84", + "url": "https://groups.google.com/forum/#!topic/docker-announce/lK6fQY6Jy84" } ] } diff --git a/2014/5xxx/CVE-2014-5288.json b/2014/5xxx/CVE-2014-5288.json index ad29a20785e..c959829bd2b 100644 --- a/2014/5xxx/CVE-2014-5288.json +++ b/2014/5xxx/CVE-2014-5288.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5288", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html" + }, + { + "url": "https://www.exploit-db.com/exploits/36609/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/36609/" } ] } diff --git a/2014/5xxx/CVE-2014-5298.json b/2014/5xxx/CVE-2014-5298.json index fc53cd8334c..95a9a612957 100644 --- a/2014/5xxx/CVE-2014-5298.json +++ b/2014/5xxx/CVE-2014-5298.json @@ -76,6 +76,11 @@ "name": "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md", "refsource": "CONFIRM", "url": "https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf" } ] } 
diff --git a/2014/5xxx/CVE-2014-5439.json b/2014/5xxx/CVE-2014-5439.json
index ac26200e9af..bfbe8ee979e 100644
--- a/2014/5xxx/CVE-2014-5439.json
+++ b/2014/5xxx/CVE-2014-5439.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "sniffit 0.3.7 and prior: A configuration file can be leveraged to execute code as root"
+ "value": "Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code."
 }
 ]
 },
@@ -58,9 +58,14 @@
 "name": "http://packetstormsecurity.com/files/129292/Sniffit-Root-Shell.html"
 },
 {
- "url": "https://security-tracker.debian.org/tracker/CVE-2014-5439",
+ "url": "http://www.securityfocus.com/bid/71318",
 "refsource": "MISC",
- "name": "https://security-tracker.debian.org/tracker/CVE-2014-5439"
+ "name": "http://www.securityfocus.com/bid/71318"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2014/Nov/88",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2014/Nov/88"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5468.json b/2014/5xxx/CVE-2014-5468.json
index f02f30ee82c..313d869344f 100644
--- a/2014/5xxx/CVE-2014-5468.json
+++ b/2014/5xxx/CVE-2014-5468.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5468",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
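Review bot: The rewritten description for CVE-2014-5439 changes the affected range from "0.3.7 and prior" to "prior to 0.3.7", which excludes 0.3.7 itself, and nothing in the hunk indicates that 0.3.7 is a fixed release. If 0.3.7 is still affected, anyone deriving a version range from the description will wrongly treat it as patched; the wording should stay inclusive, e.g. `Sniffit 0.3.7 and prior`. The second hunk also replaces the Debian security-tracker reference rather than adding the two new URLs next to it, which removes the one link that records distribution fix status. "vulnerabilities exists" should read "vulnerabilities exist".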
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html" + }, + { + "url": "http://www.exploit-db.com/exploits/34669", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/34669" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95959", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95959" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/69761", + "url": "https://www.securityfocus.com/bid/69761" + }, + { + "refsource": "MISC", + "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-5468", + "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-5468" } ] } diff --git a/2014/6xxx/CVE-2014-6262.json b/2014/6xxx/CVE-2014-6262.json index 16a195dbaa7..045a314df2c 100644 --- a/2014/6xxx/CVE-2014-6262.json +++ b/2014/6xxx/CVE-2014-6262.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6262", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + }, + { + "refsource": "MISC", + "name": "http://www.kb.cert.org/vuls/id/449452", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/71540", + "url": "https://www.securityfocus.com/bid/71540" } ] } diff --git a/2014/6xxx/CVE-2014-6413.json b/2014/6xxx/CVE-2014-6413.json index 8dc4ed11b86..a96d047b99f 100644 --- a/2014/6xxx/CVE-2014-6413.json +++ b/2014/6xxx/CVE-2014-6413.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6413", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/69958", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/69958" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Sep/70", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Sep/70" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/128310", + "url": "https://packetstormsecurity.com/files/128310" } ] } diff --git a/2014/6xxx/CVE-2014-6447.json b/2014/6xxx/CVE-2014-6447.json index b76d6e39654..ce09d55d44a 100644 --- a/2014/6xxx/CVE-2014-6447.json +++ b/2014/6xxx/CVE-2014-6447.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6447", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682" + }, + { + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1032846", + "url": "http://www.securitytracker.com/id/1032846" } ] } diff --git a/2014/7xxx/CVE-2014-7224.json b/2014/7xxx/CVE-2014-7224.json index 7140b8335b9..db064e694d6 100644 --- a/2014/7xxx/CVE-2014-7224.json +++ b/2014/7xxx/CVE-2014-7224.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7224", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2014/10/02/20", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/10/02/20" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833" + }, + { + "refsource": "MISC", + "name": "https://daoyuan14.github.io/news/newattackvector.html", + "url": "https://daoyuan14.github.io/news/newattackvector.html" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/70222", + "url": "https://www.securityfocus.com/bid/70222" } ] } diff --git a/2014/7xxx/CVE-2014-7810.json b/2014/7xxx/CVE-2014-7810.json index 7677321c5e6..6016e1abf90 100644 --- a/2014/7xxx/CVE-2014-7810.json +++ b/2014/7xxx/CVE-2014-7810.json 
@@ -186,6 +186,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/7xxx/CVE-2014-7863.json b/2014/7xxx/CVE-2014-7863.json index d02f8c34e6b..18ddd18ca7f 100644 --- a/2014/7xxx/CVE-2014-7863.json +++ b/2014/7xxx/CVE-2014-7863.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7863", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,76 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Jan/114", 
+ "url": "http://seclists.org/fulldisclosure/2015/Jan/114" + }, + { + "refsource": "MISC", + "name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet", + "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100554" } ] } diff --git a/2014/7xxx/CVE-2014-7969.json b/2014/7xxx/CVE-2014-7969.json index ee84c0f1130..8ce02302776 100644 --- a/2014/7xxx/CVE-2014-7969.json +++ b/2014/7xxx/CVE-2014-7969.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-7969", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7969", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8739. Reason: This candidate is a duplicate of CVE-2014-8739. Notes: All CVE users should reference CVE-2014-8739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2014/8xxx/CVE-2014-8111.json b/2014/8xxx/CVE-2014-8111.json index 3bf000ac3d2..6062234d886 100644 --- a/2014/8xxx/CVE-2014-8111.json +++ b/2014/8xxx/CVE-2014-8111.json 
@@ -116,6 +116,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2014/8xxx/CVE-2014-8128.json b/2014/8xxx/CVE-2014-8128.json index 89511707fa1..8c297725c36 100644 --- a/2014/8xxx/CVE-2014-8128.json +++ b/2014/8xxx/CVE-2014-8128.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8128", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LibTIFF", + "version": { + "version_data": [ + { + "version_value": "prior to 4.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt", + "url": "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt" + }, + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/01/24/15", + "url": "http://openwall.com/lists/oss-security/2015/01/24/15" + }, + { + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT204941", + "url": "http://support.apple.com/kb/HT204941" + }, + { + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT204942", + "url": "http://support.apple.com/kb/HT204942" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185812", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185812" + }, + { + "refsource": "MISC", + "name": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" + }, + { + "refsource": "MISC", + "name": 
"http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" } ] } diff --git a/2014/8xxx/CVE-2014-8271.json b/2014/8xxx/CVE-2014-8271.json index b0b8b90e38b..892823c6a57 100644 --- a/2014/8xxx/CVE-2014-8271.json +++ b/2014/8xxx/CVE-2014-8271.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2014-8271", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tianocore", + "product": { + "product_data": [ + { + "product_name": "EDK2", + "version": { + "version_data": [ + { + "version_value": "before SVN 16280" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://sourceforge.net/p/edk2/code/16280/", + "url": "http://sourceforge.net/p/edk2/code/16280/" + }, + { + "refsource": "MISC", + "name": "http://www.kb.cert.org/vuls/id/533140", + "url": "http://www.kb.cert.org/vuls/id/533140" } ] } diff --git a/2014/8xxx/CVE-2014-8347.json b/2014/8xxx/CVE-2014-8347.json index e1faaa216c8..26b6c43b459 100644 --- a/2014/8xxx/CVE-2014-8347.json +++ b/2014/8xxx/CVE-2014-8347.json 
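Review bot: In the CVE-2014-8128 record the `problemtype` value is `"Other"` even though the description states the weakness as an out-of-bounds write, which hides the record from triage or reporting keyed on weakness class. A value taken from the description, such as `"value": "Out-of-bounds write"`, would be consistent with the CVE-2014-8271 record in this diff, which uses `"Buffer Overflow"`. `vendor_name` is also `n/a` next to `"product_name": "LibTIFF"`. The CVE-2015-0102 record likewise uses `"Other"` for a session cookie that lacks the secure flag.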
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8347", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypass-Privilege-Escalation.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypass-Privilege-Escalation.html" + }, + { + "url": "http://www.exploit-db.com/exploits/35077", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/35077" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97780", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97780" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/archive/1/533814", + "url": "https://www.securityfocus.com/archive/1/533814" + }, + { + "refsource": "MISC", + "name": "https://lists.openwall.net/bugtraq/2014/10/27/4", + "url": "https://lists.openwall.net/bugtraq/2014/10/27/4" } ] } 
diff --git a/2014/8xxx/CVE-2014-8478.json b/2014/8xxx/CVE-2014-8478.json index a4cd238bd17..1d2b86cf92d 100644 --- a/2014/8xxx/CVE-2014-8478.json +++ b/2014/8xxx/CVE-2014-8478.json @@ -56,6 +56,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf" } ] } diff --git a/2014/8xxx/CVE-2014-8479.json b/2014/8xxx/CVE-2014-8479.json index 38ae60ebaf0..11848cbe1ba 100644 --- a/2014/8xxx/CVE-2014-8479.json +++ b/2014/8xxx/CVE-2014-8479.json @@ -56,6 +56,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-321046.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf" } ] } diff --git a/2014/8xxx/CVE-2014-8739.json b/2014/8xxx/CVE-2014-8739.json index 5a15dd3e255..472a863b8c1 100644 --- a/2014/8xxx/CVE-2014-8739.json +++ b/2014/8xxx/CVE-2014-8739.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8739", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,86 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/35057/", + "url": "https://www.exploit-db.com/exploits/35057/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/36811/", + "url": "https://www.exploit-db.com/exploits/36811/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/11/11/4", + "url": "http://www.openwall.com/lists/oss-security/2014/11/11/4" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/11/11/5", + "url": "http://www.openwall.com/lists/oss-security/2014/11/11/5" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/11/13/3", + "url": "http://www.openwall.com/lists/oss-security/2014/11/13/3" + }, + { + 
"refsource": "MISC", + "name": "https://wordpress.org/plugins/sexy-contact-form/changelog/", + "url": "https://wordpress.org/plugins/sexy-contact-form/changelog/" + }, + { + "refsource": "MISC", + "name": "http://osvdb.org/show/osvdb/113669", + "url": "http://osvdb.org/show/osvdb/113669" + }, + { + "refsource": "MISC", + "name": "http://osvdb.org/show/osvdb/113673", + "url": "http://osvdb.org/show/osvdb/113673" } ] } diff --git a/2014/9xxx/CVE-2014-9126.json b/2014/9xxx/CVE-2014-9126.json index 245c53d3ee6..c924692370f 100644 --- a/2014/9xxx/CVE-2014-9126.json +++ b/2014/9xxx/CVE-2014-9126.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9126", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
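Review bot: The CVE-2014-8739 description reads `with an PHP extension`; the article should be `a`, giving `uploading a PHP file with a PHP extension`. The description is the only populated field describing the issue in this record, so the wording is worth correcting before it is consumed elsewhere.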
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", + "url": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html" } ] } diff --git a/2014/9xxx/CVE-2014-9127.json b/2014/9xxx/CVE-2014-9127.json index 254c5c06068..18d0d922bd2 100644 --- a/2014/9xxx/CVE-2014-9127.json +++ b/2014/9xxx/CVE-2014-9127.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9127", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html", + "url": "http://packetstormsecurity.com/files/130090/OpenSchool-Community-Edition-2.2-XSS-Access-Bypass.html" } ] } diff --git a/2014/9xxx/CVE-2014-9390.json b/2014/9xxx/CVE-2014-9390.json index 52fbd2689e8..9792bf34ee0 100644 --- a/2014/9xxx/CVE-2014-9390.json +++ b/2014/9xxx/CVE-2014-9390.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9390", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine; libgit2; Egit; and JGit allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://news.ycombinator.com/item?id=8769667", + "url": "https://news.ycombinator.com/item?id=8769667" + }, + { + "refsource": "MISC", + "name": "http://article.gmane.org/gmane.linux.kernel/1853266", + "url": "http://article.gmane.org/gmane.linux.kernel/1853266" + }, + { + "refsource": "MISC", + "name": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", + "url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html" + }, + { + "refsource": "MISC", + "name": "http://mercurial.selenic.com/wiki/WhatsNew", + "url": "http://mercurial.selenic.com/wiki/WhatsNew" + }, + { + "refsource": "MISC", + "name": "http://support.apple.com/kb/HT204147", + "url": 
"http://support.apple.com/kb/HT204147" + }, + { + "refsource": "MISC", + "name": "https://github.com/blog/1938-git-client-vulnerability-announced", + "url": "https://github.com/blog/1938-git-client-vulnerability-announced" + }, + { + "refsource": "MISC", + "name": "http://securitytracker.com/id?1031404", + "url": "http://securitytracker.com/id?1031404" } ] } diff --git a/2014/9xxx/CVE-2014-9470.json b/2014/9xxx/CVE-2014-9470.json index 7c5a02ff9bb..9d962a2b3a2 100644 --- a/2014/9xxx/CVE-2014-9470.json +++ b/2014/9xxx/CVE-2014-9470.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9470", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
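Review bot: The product list in the CVE-2014-9390 description contains the bare entry `mine;` between `Apple Xcode before 6.2 beta 3` and `libgit2`, with no vendor or version qualifier, which reads like a truncated item. Because the `affects` block of this record is all `n/a`, the description is the only place a reader can learn which products are covered, so the entry should be completed with its version bound or dropped. `libgit2`, `Egit` and `JGit` are also listed without a fixed version; stating the bounds, if they are known, would help anyone checking exposure.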
@@ -11,7 +11,76 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html", + "url": "http://www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Jan/38", + "url": "http://seclists.org/fulldisclosure/2015/Jan/38" + }, + { + "refsource": "MISC", + "name": "http://www.fork-cms.com/blog/detail/fork-3.8.4-released", + "url": "http://www.fork-cms.com/blog/detail/fork-3.8.4-released" + }, + { + "refsource": "MISC", + "name": "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114", + "url": "https://github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114" + }, + { + "refsource": "MISC", + "name": "https://github.com/forkcms/forkcms/issues/1018s", + "url": "https://github.com/forkcms/forkcms/issues/1018s" + }, + { + "refsource": "MISC", + "name": 
"http://www.securityfocus.com/bid/72017", + "url": "http://www.securityfocus.com/bid/72017" } ] } diff --git a/2014/9xxx/CVE-2014-9530.json b/2014/9xxx/CVE-2014-9530.json index 382baadbf88..836d7564b53 100644 --- a/2014/9xxx/CVE-2014-9530.json +++ b/2014/9xxx/CVE-2014-9530.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9530", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md", + "url": "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md" } ] } diff --git a/2014/9xxx/CVE-2014-9748.json b/2014/9xxx/CVE-2014-9748.json index 03ccf6a9c4b..c62dbb24c92 100644 --- a/2014/9xxx/CVE-2014-9748.json +++ b/2014/9xxx/CVE-2014-9748.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9748", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
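Review bot: The reference `https://github.com/forkcms/forkcms/issues/1018s` added to CVE-2014-9470 ends in a stray `s` after the issue number in both `name` and `url`, so the link most likely does not resolve to the intended issue. It should probably read `"url": "https://github.com/forkcms/forkcms/issues/1018"`, with `name` changed to match.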
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://groups.google.com/forum/#!msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ", + "url": "https://groups.google.com/forum/#!msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ" + }, + { + "refsource": "MISC", + "name": "https://github.com/libuv/libuv/issues/515", + "url": "https://github.com/libuv/libuv/issues/515" + }, + { + "refsource": "MISC", + "name": "https://github.com/libuv/libuv/pull/516", + "url": "https://github.com/libuv/libuv/pull/516" + }, + { + "refsource": "MISC", + "name": "https://github.com/nodejs/node/pull/2723", + "url": "https://github.com/nodejs/node/pull/2723" + }, + { + "refsource": "MISC", + "name": "https://groups.google.com/forum/#!topic/libuv/WO2cl9zasN8", + "url": "https://groups.google.com/forum/#!topic/libuv/WO2cl9zasN8" } ] } diff --git a/2014/9xxx/CVE-2014-9753.json b/2014/9xxx/CVE-2014-9753.json index 5745e2b8745..29f23b4c562 100644 --- a/2014/9xxx/CVE-2014-9753.json 
+++ b/2014/9xxx/CVE-2014-9753.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9753", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://karmainsecurity.com/KIS-2015-06", + "url": "http://karmainsecurity.com/KIS-2015-06" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Nov/11", + "url": "http://seclists.org/fulldisclosure/2015/Nov/11" + }, + { + "refsource": "MISC", + "name": "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml", + "url": "http://update.atutor.ca/patch/2_2/2_2-6/patch.xml" + }, + { + "refsource": "MISC", + "name": "https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d", + "url": "https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d" } ] } 
diff --git a/2015/0xxx/CVE-2015-0102.json b/2015/0xxx/CVE-2015-0102.json index ac059b4dc93..54cd3f3536b 100644 --- a/2015/0xxx/CVE-2015-0102.json +++ b/2015/0xxx/CVE-2015-0102.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0102", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Workflow for Bluemix", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694941", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694941" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/74220", + "url": "http://www.securityfocus.com/bid/74220" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/", + "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/" } ] } diff --git a/2015/0xxx/CVE-2015-0235.json b/2015/0xxx/CVE-2015-0235.json index 42d9e649eb2..9c5bb1e4e15 100644 --- a/2015/0xxx/CVE-2015-0235.json +++ b/2015/0xxx/CVE-2015-0235.json 
@@ -476,6 +476,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf" } ] } diff --git a/2015/0xxx/CVE-2015-0254.json b/2015/0xxx/CVE-2015-0254.json index c023386e9c9..5b090be85df 100644 --- a/2015/0xxx/CVE-2015-0254.json +++ b/2015/0xxx/CVE-2015-0254.json @@ -136,6 +136,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [27/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rfc2bfd99c340dafd501676693cd889c1f9f838b97bdd0776a8f5557d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/1xxx/CVE-2015-1048.json b/2015/1xxx/CVE-2015-1048.json index 12b9c5b1ab3..ee10fe86ba5 100644 --- a/2015/1xxx/CVE-2015-1048.json +++ b/2015/1xxx/CVE-2015-1048.json @@ -56,6 +56,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf" } ] } diff --git a/2015/1xxx/CVE-2015-1049.json b/2015/1xxx/CVE-2015-1049.json index db8033b0eb2..ad7660d0b06 100644 --- a/2015/1xxx/CVE-2015-1049.json 
+++ b/2015/1xxx/CVE-2015-1049.json @@ -56,6 +56,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf" } ] } diff --git a/2015/1xxx/CVE-2015-1394.json b/2015/1xxx/CVE-2015-1394.json index 7e57286d7ec..208a2002275 100644 --- a/2015/1xxx/CVE-2015-1394.json +++ b/2015/1xxx/CVE-2015-1394.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1394", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,8 +11,72 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wordpress.org/plugins/photo-gallery/changelog/", + "url": "https://wordpress.org/plugins/photo-gallery/changelog/" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/1073334/", + "url": "https://plugins.trac.wordpress.org/changeset/1073334/" + }, + { + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery", + "url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2015/Jan/140", + "url": "https://seclists.org/bugtraq/2015/Jan/140" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at 
end of file diff --git a/2015/1xxx/CVE-2015-1601.json b/2015/1xxx/CVE-2015-1601.json index c487d2e0e17..65aea48f21b 100644 --- a/2015/1xxx/CVE-2015-1601.json +++ b/2015/1xxx/CVE-2015-1601.json @@ -61,6 +61,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf" } ] } diff --git a/2015/2xxx/CVE-2015-2062.json b/2015/2xxx/CVE-2015-2062.json index 490c2db0fd2..74fbfca4268 100644 --- a/2015/2xxx/CVE-2015-2062.json +++ b/2015/2xxx/CVE-2015-2062.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2062", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
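Review bot: The `affects` block added for CVE-2015-1394 is `n/a` for vendor, product and version, while the description in the same hunk names the product and the fixed boundary (Photo Gallery plugin before 1.2.11 for WordPress). Scanners and inventory matchers that read the structured fields will not associate this record with the plugin; only a free-text parse of the description will. Carrying the description's values over would fix that, e.g. `"product_name": "Photo Gallery plugin for WordPress"` and `"version_value": "before 1.2.11"`. The same all-`n/a` block sits next to a description that names product and version in the hunks for CVE-2015-2062, CVE-2015-2207, CVE-2015-2802, CVE-2015-3309, CVE-2015-3423, CVE-2015-3611, CVE-2015-3612 and CVE-2015-3613; CVE-2015-5617 names the product without a version.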
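Review bot: The CONFIRM reference added to CVE-2015-1601 points at `ssa-487246.pdf`, while the existing Siemens reference in the same record is `siemens_security_advisory_ssa-315836.pdf`. In the other Siemens hunks of this diff the new cert-portal URL keeps the advisory number of the old link (ssa-597212 for CVE-2015-1048, ssa-954136 for CVE-2015-1049, ssa-487246 for CVE-2015-2822 and CVE-2015-2823). This may be intentional if ssa-487246 also covers this CVE, but it is worth confirming against the advisory text, since a CONFIRM link to the wrong advisory sends responders to remediation guidance for a different issue. If both advisories apply, the older link would also need its cert-portal counterpart, `"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-315836.pdf"` (constructed from the pattern used elsewhere in this diff; verify it resolves).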
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://www.htbridge.com/advisory/HTB23250", + "url": "https://www.htbridge.com/advisory/HTB23250" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection", + "url": "https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection" } ] } diff --git a/2015/2xxx/CVE-2015-2177.json b/2015/2xxx/CVE-2015-2177.json index 8d727b99016..29d8967581b 100644 
--- a/2015/2xxx/CVE-2015-2177.json +++ b/2015/2xxx/CVE-2015-2177.json @@ -76,6 +76,11 @@ "name": "72973", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72973" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf" } ] } diff --git a/2015/2xxx/CVE-2015-2207.json b/2015/2xxx/CVE-2015-2207.json index ecb71b2883a..a6139061030 100644 --- a/2015/2xxx/CVE-2015-2207.json +++ b/2015/2xxx/CVE-2015-2207.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2207", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/132807/NetCracker-Resource-Management-System-8.0-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536053/100/0/threaded" } ] } diff --git a/2015/2xxx/CVE-2015-2287.json b/2015/2xxx/CVE-2015-2287.json index 6fa845fc30c..e78cff8f7b6 100644 --- a/2015/2xxx/CVE-2015-2287.json +++ b/2015/2xxx/CVE-2015-2287.json 
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-2287", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2287", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A typo caused the wrong ID to be used. Notes: none." } ] } diff --git a/2015/2xxx/CVE-2015-2802.json b/2015/2xxx/CVE-2015-2802.json index 229527141ca..c595c78ee76 100644 --- a/2015/2xxx/CVE-2015-2802.json +++ b/2015/2xxx/CVE-2015-2802.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2802", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
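Review bot: The reject text for CVE-2015-2287 gives `Reason: A typo caused the wrong ID to be used` together with `ConsultIDs: none`, so a reader who holds this number from an advisory or a scanner finding has no pointer to the record that was meant. If the intended ID is known, it belongs in that field, e.g. `ConsultIDs: CVE-YYYY-NNNN` (placeholder). The hunk also reorders the top-level keys (`data_type` first, `CVE_data_meta` after `data_version`), unlike the other records in this diff. Key order carries no meaning in JSON, but the move makes the actual change, `RESERVED` to `REJECT`, harder to see in review.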
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/75258", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/75258" + }, + { + "refsource": "CONFIRM", + "name": "http://marc.info/?l=bugtraq&m=143455780010289&w=2", + "url": "http://marc.info/?l=bugtraq&m=143455780010289&w=2" + }, + { + "refsource": "CONFIRM", + "name": "http://marc.info/?l=bugtraq&m=143629738517220&w=2", + "url": "http://marc.info/?l=bugtraq&m=143629738517220&w=2" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2015-2802", + "url": "https://packetstormsecurity.com/files/cve/CVE-2015-2802" + }, + { + "refsource": "MISC", + "name": "https://securitytracker.com/id/1032599", + "url": "https://securitytracker.com/id/1032599" } ] } diff --git a/2015/2xxx/CVE-2015-2822.json b/2015/2xxx/CVE-2015-2822.json index 140149ac5c9..f2ad1d3a675 100644 --- a/2015/2xxx/CVE-2015-2822.json +++ b/2015/2xxx/CVE-2015-2822.json 
@@ -61,6 +61,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf" } ] } diff --git a/2015/2xxx/CVE-2015-2823.json b/2015/2xxx/CVE-2015-2823.json index bd1f976d2cc..c8f7048bf8b 100644 --- a/2015/2xxx/CVE-2015-2823.json +++ b/2015/2xxx/CVE-2015-2823.json @@ -61,6 +61,11 @@ "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf" } ] } diff --git a/2015/2xxx/CVE-2015-2909.json b/2015/2xxx/CVE-2015-2909.json index a3147e317fb..1744d48519b 100644 --- a/2015/2xxx/CVE-2015-2909.json +++ b/2015/2xxx/CVE-2015-2909.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2015-2909", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,96 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \"The user is presented with clear warnings on the GUI that they should set usernames and passwords.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dedicated Micros", + "product": { + "product_data": [ + { + "product_name": "DV-IP Express", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + }, + { + "product_name": "SD Advanced", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + }, + { + "product_name": "SD", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + }, + { + "product_name": "EcoSense", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + }, + { + "product_name": "DS2", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/", + "url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/" + }, + { + "refsource": "MISC", + "name": "http://www.kb.cert.org/vuls/id/276148", + "url": 
"http://www.kb.cert.org/vuls/id/276148" } ] } diff --git a/2015/3xxx/CVE-2015-3309.json b/2015/3xxx/CVE-2015-3309.json index b81e32a10de..30a72c78a34 100644 --- a/2015/3xxx/CVE-2015-3309.json +++ b/2015/3xxx/CVE-2015-3309.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3309", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://cve.killedkenny.io/cve/CVE-2015-3309", + "url": "http://cve.killedkenny.io/cve/CVE-2015-3309" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/16/8", + "url": "http://www.openwall.com/lists/oss-security/2015/04/16/8" + }, + { + "refsource": "MISC", + "name": "https://github.com/ether/etherpad-lite/commit/0fa7650df8f940ed6b577d79836a78eb09726c4b", + "url": "https://github.com/ether/etherpad-lite/commit/0fa7650df8f940ed6b577d79836a78eb09726c4b" } ] } diff --git a/2015/3xxx/CVE-2015-3423.json b/2015/3xxx/CVE-2015-3423.json index 59bc2088c8e..00c2902d305 100644 --- a/2015/3xxx/CVE-2015-3423.json +++ b/2015/3xxx/CVE-2015-3423.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3423", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/132808/NetCracker-Resource-Management-System-8.0-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536054/100/0/threaded" } ] } diff --git a/2015/3xxx/CVE-2015-3611.json b/2015/3xxx/CVE-2015-3611.json index fbaba61a738..93e7dace1b8 100644 --- a/2015/3xxx/CVE-2015-3611.json +++ b/2015/3xxx/CVE-2015-3611.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3611", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-15-011", + "url": "https://fortiguard.com/psirt/FG-IR-15-011" + }, + { + "url": "http://www.securityfocus.com/bid/74444", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/74444" + }, + { + "url": "http://www.securitytracker.com/id/1032188", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1032188" } ] } diff --git a/2015/3xxx/CVE-2015-3612.json b/2015/3xxx/CVE-2015-3612.json index 75f288f8b19..28f1c2e284e 100644 --- a/2015/3xxx/CVE-2015-3612.json +++ b/2015/3xxx/CVE-2015-3612.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3612", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-15-011", + "url": "https://fortiguard.com/psirt/FG-IR-15-011" + }, + { + "url": "http://www.securityfocus.com/bid/74444", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/74444" + }, + { + "url": "http://www.securitytracker.com/id/1032188", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1032188" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-15-011", + "url": "https://fortiguard.com/psirt/FG-IR-15-011" } ] } diff --git a/2015/3xxx/CVE-2015-3613.json b/2015/3xxx/CVE-2015-3613.json index 2bd52e91bd9..c932188af78 100644 --- a/2015/3xxx/CVE-2015-3613.json +++ b/2015/3xxx/CVE-2015-3613.json 
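Review bot: The added `reference_data` for CVE-2015-3612 lists `https://fortiguard.com/psirt/FG-IR-15-011` twice, first with `"refsource": "CONFIRM"` and again as the last entry with `"refsource": "MISC"`. A consumer that de-duplicates references by URL may keep either copy, and one that keeps the `MISC` copy loses the signal that the vendor confirmed the issue. Dropping the trailing `MISC` entry leaves the same three references that the sibling CVE-2015-3611 and CVE-2015-3613 hunks carry.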
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3613", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-15-011", + "url": "https://fortiguard.com/psirt/FG-IR-15-011" + }, + { + "url": "http://www.securityfocus.com/bid/74444", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/74444" + }, + { + "url": "http://www.securitytracker.com/id/1032188", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1032188" } ] } diff --git a/2015/5xxx/CVE-2015-5174.json b/2015/5xxx/CVE-2015-5174.json index 0ecbac00b05..e2cea8ea9eb 100644 --- a/2015/5xxx/CVE-2015-5174.json +++ b/2015/5xxx/CVE-2015-5174.json 
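Review bot: The new description for CVE-2015-3613 begins `A vulnerability exists in in FortiManager` and ends at `the WebUI FTP backup page`: it has a doubled `in`, no closing period, and states neither the class of flaw nor its impact, unlike the neighbouring CVE-2015-3611 (command injection) and CVE-2015-3612 (XSS) entries. A triager cannot rate or prioritise it from the record alone and has to open the FG-IR-15-011 advisory. At minimum the text should read `A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page.`, with the weakness type added from the vendor advisory once confirmed.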
@@ -271,6 +271,21 @@ "refsource": "MLIST", "name": "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context", "url": "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context", + "url": "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5345.json b/2015/5xxx/CVE-2015-5345.json index aa3358c1fd0..2d3277c721f 100644 --- a/2015/5xxx/CVE-2015-5345.json +++ b/2015/5xxx/CVE-2015-5345.json 
@@ -296,6 +296,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5346.json b/2015/5xxx/CVE-2015-5346.json index 01ceb09bb0c..2647280a438 100644 --- a/2015/5xxx/CVE-2015-5346.json +++ b/2015/5xxx/CVE-2015-5346.json @@ -221,6 +221,11 @@ "name": "http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5351.json b/2015/5xxx/CVE-2015-5351.json index b4f99d25931..49f8f407304 100644 --- a/2015/5xxx/CVE-2015-5351.json +++ b/2015/5xxx/CVE-2015-5351.json 
@@ -226,6 +226,11 @@ "name": "http://svn.apache.org/viewvc?view=revision&revision=1720660", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1720660" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5617.json b/2015/5xxx/CVE-2015-5617.json index 720489be25c..70883d46417 100644 --- a/2015/5xxx/CVE-2015-5617.json +++ b/2015/5xxx/CVE-2015-5617.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5617", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133082/Enorth-Webpublisher-CMS-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/133082/Enorth-Webpublisher-CMS-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Aug/55", + "url": "http://seclists.org/fulldisclosure/2015/Aug/55" } ] } diff --git a/2015/5xxx/CVE-2015-5621.json b/2015/5xxx/CVE-2015-5621.json index 44d10f9ce3a..fb0e58587ed 100644 --- a/2015/5xxx/CVE-2015-5621.json +++ b/2015/5xxx/CVE-2015-5621.json @@ -121,6 +121,11 @@ "name": "76380", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76380" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf" } ] } diff --git a/2015/5xxx/CVE-2015-5626.json b/2015/5xxx/CVE-2015-5626.json index bcfbd229f86..552b1c738ac 100644 --- a/2015/5xxx/CVE-2015-5626.json +++ b/2015/5xxx/CVE-2015-5626.json 
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-5626", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,259 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Yokogawa", + "product": { + "product_data": [ + { + "product_name": "CENTUM CS 1000", + "version": { + "version_data": [ + { + "version_value": "R3.08.70 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM CS 3000", + "version": { + "version_data": [ + { + "version_value": "R3.09.50 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM CS 3000 Entry", + "version": { + "version_data": [ + { + "version_value": "R3.09.50 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM VP", + "version": { + "version_data": [ + { + "version_value": "R5.04.20 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM VP Entry", + "version": { + "version_data": [ + { + "version_value": "R5.04.20 and earlier" + } + ] + } + }, + { + "product_name": "ProSafe-RS", + "version": { + "version_data": [ + { + "version_value": "R3.02.10 and earlier" + } + ] + } + }, + { + "product_name": "Exaopc", + "version": { + "version_data": [ + { + "version_value": "R3.72.00 and earlier" + } + ] + } + }, + { + "product_name": "Exaquantum", + "version": { + "version_data": [ + { + "version_value": "R2.85.00 and earlier" + } + ] + } + }, + { + "product_name": "Exaquantum/Batch", + "version": { + "version_data": [ + { + "version_value": "R2.50.30 and earlier" + } + ] + } + }, + { + "product_name": "Exapilot", + "version": { + "version_data": [ + { + "version_value": "R3.96.10 and earlier" + } + ] + } + }, + { + "product_name": "Exaplog", + "version": { + "version_data": [ + { + "version_value": "R3.40.00 and earlier" + } + ] + } + }, + { + "product_name": "Exasmoc", + "version": { + "version_data": [ + { + "version_value": "R4.03.20 and earlier" + } + ] + } + }, + { + "product_name": "Exarqe", + "version": { + "version_data": [ + { + "version_value": "R4.03.20 and 
earlier" + } + ] + } + }, + { + "product_name": "Field Wireless Device OPC Server", + "version": { + "version_data": [ + { + "version_value": "R2.01.02 and earlier" + } + ] + } + }, + { + "product_name": "PRM", + "version": { + "version_data": [ + { + "version_value": "R3.12.00 and earlier" + } + ] + } + }, + { + "product_name": "STARDOM VDS", + "version": { + "version_data": [ + { + "version_value": "R7.30.01 and earlier" + } + ] + } + }, + { + "product_name": "STARDOM OPC Server for Windows", + "version": { + "version_data": [ + { + "version_value": "R3.40 and earlier" + } + ] + } + }, + { + "product_name": "FAST/TOOLS", + "version": { + "version_data": [ + { + "version_value": "R10.01 and earlier" + } + ] + } + }, + { + "product_name": "B/M9000CS", + "version": { + "version_data": [ + { + "version_value": "R5.05.01 and earlier" + } + ] + } + }, + { + "product_name": "B/M9000 VP", + "version": { + "version_data": [ + { + "version_value": "R7.03.04 and earlier" + } + ] + } + }, + { + "product_name": "FieldMate", + "version": { + "version_data": [ + { + "version_value": "R1.01" + }, + { + "version_value": "R1.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01" + }, + { + "refsource": "CONFIRM", + "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", + "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf" } ] } diff --git a/2015/5xxx/CVE-2015-5627.json b/2015/5xxx/CVE-2015-5627.json index 8a2c27c76ee..67034ef8a21 100644 --- a/2015/5xxx/CVE-2015-5627.json +++ b/2015/5xxx/CVE-2015-5627.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-5627", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
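Review bot: Every `version_value` in the added `affects` block carries its range as free text (`"R3.08.70 and earlier"`, `"R5.04.20 and earlier"`, …), which a consumer has to string-parse before it can compare a deployed release against the record. The 4.0 format has a `version_affected` operator for this, so each entry could read `"version_affected": "<=", "version_value": "R3.08.70"`. The `problemtype` value `Buffer Overflow` is also broader than the description's "Stack-based buffer overflow". The `@@ -11,7 +11,259 @@` hunks of CVE-2015-5627 and CVE-2015-5628 repeat the same product list and have the same two issues, and the CVE-2015-6000 hunk uses `"6.3.0 and earlier"` in the same way.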
@@ -11,7 +11,259 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Yokogawa", + "product": { + "product_data": [ + { + "product_name": "CENTUM CS 1000", + "version": { + "version_data": [ + { + "version_value": "R3.08.70 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM CS 3000", + "version": { + "version_data": [ + { + "version_value": "R3.09.50 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM CS 3000 Entry", + "version": { + "version_data": [ + { + "version_value": "R3.09.50 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM VP", + "version": { + "version_data": [ + { + "version_value": "R5.04.20 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM VP Entry", + "version": { + "version_data": [ + { + "version_value": "R5.04.20 and earlier" + } + ] + } + }, + { + "product_name": "ProSafe-RS", + "version": { + "version_data": [ + { + "version_value": "R3.02.10 and earlier" + } + ] + } + }, + { + "product_name": "Exaopc", + "version": { + "version_data": [ + { + "version_value": "R3.72.00 and earlier" + } + ] + } + }, + { + "product_name": "Exaquantum", + "version": { + "version_data": [ + { + "version_value": "R2.85.00 and earlier" + } + ] + } + }, + { + "product_name": "Exaquantum/Batch", + "version": { + "version_data": [ + { + "version_value": "R2.50.30 and earlier" + } + ] + } + }, + { + "product_name": "Exapilot", + "version": { + "version_data": [ + { + "version_value": "R3.96.10 and earlier" + } + ] + } + }, + { + "product_name": "Exaplog", + "version": { + "version_data": [ + { + "version_value": "R3.40.00 and earlier" + } + ] + } + }, + { + "product_name": "Exasmoc", + "version": { + "version_data": [ + { + "version_value": "R4.03.20 and earlier" + } + ] + } + }, + { + "product_name": "Exarqe", + "version": { + "version_data": [ + { + "version_value": "R4.03.20 and 
earlier" + } + ] + } + }, + { + "product_name": "Field Wireless Device OPC Server", + "version": { + "version_data": [ + { + "version_value": "R2.01.02 and earlier" + } + ] + } + }, + { + "product_name": "PRM", + "version": { + "version_data": [ + { + "version_value": "R3.12.00 and earlier" + } + ] + } + }, + { + "product_name": "STARDOM VDS", + "version": { + "version_data": [ + { + "version_value": "R7.30.01 and earlier" + } + ] + } + }, + { + "product_name": "STARDOM OPC Server for Windows", + "version": { + "version_data": [ + { + "version_value": "R3.40 and earlier" + } + ] + } + }, + { + "product_name": "FAST/TOOLS", + "version": { + "version_data": [ + { + "version_value": "R10.01 and earlier" + } + ] + } + }, + { + "product_name": "B/M9000CS", + "version": { + "version_data": [ + { + "version_value": "R5.05.01 and earlier" + } + ] + } + }, + { + "product_name": "B/M9000 VP", + "version": { + "version_data": [ + { + "version_value": "R7.03.04 and earlier" + } + ] + } + }, + { + "product_name": "FieldMate", + "version": { + "version_data": [ + { + "version_value": "R1.01" + }, + { + "version_value": "R1.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01" + }, + { + "refsource": "CONFIRM", + "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", + "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf" } ] } diff --git a/2015/5xxx/CVE-2015-5628.json b/2015/5xxx/CVE-2015-5628.json index 0184fed413a..c6d5addbc68 100644 --- a/2015/5xxx/CVE-2015-5628.json +++ b/2015/5xxx/CVE-2015-5628.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-5628", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,259 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Yokogawa", + "product": { + "product_data": [ + { + "product_name": "CENTUM CS 1000", + "version": { + "version_data": [ + { + "version_value": "R3.08.70 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM CS 3000", + "version": { + "version_data": [ + { + "version_value": "R3.09.50 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM CS 3000 Entry", + "version": { + "version_data": [ + { + "version_value": "R3.09.50 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM VP", + "version": { + "version_data": [ + { + "version_value": "R5.04.20 and earlier" + } + ] + } + }, + { + "product_name": "CENTUM VP Entry", + "version": { + "version_data": [ + { + "version_value": "R5.04.20 and earlier" + } + ] + } + }, + { + "product_name": "ProSafe-RS", + "version": { + "version_data": [ + { + "version_value": "R3.02.10 and earlier" + } + ] + } + }, + { + "product_name": "Exaopc", + "version": { + "version_data": [ + { + "version_value": "R3.72.00 and earlier" + } + ] + } + }, + { + "product_name": "Exaquantum", + "version": { + "version_data": [ + { + "version_value": "R2.85.00 and earlier" + } + ] + } + }, + { + "product_name": "Exaquantum/Batch", + "version": { + "version_data": [ + { + "version_value": "R2.50.30 and earlier" + } + ] + } + }, + { + "product_name": "Exapilot", + "version": { + "version_data": [ + { + "version_value": "R3.96.10 and earlier" + } + ] + } + }, + { + "product_name": "Exaplog", + "version": { + "version_data": [ + { + "version_value": "R3.40.00 and earlier" + } + ] + } + }, + { + "product_name": "Exasmoc", + "version": { + "version_data": [ + { + "version_value": "R4.03.20 and earlier" + } + ] + } + }, + { + "product_name": "Exarqe", + "version": { + "version_data": [ + { + "version_value": "R4.03.20 and 
earlier" + } + ] + } + }, + { + "product_name": "Field Wireless Device OPC Server", + "version": { + "version_data": [ + { + "version_value": "R2.01.02 and earlier" + } + ] + } + }, + { + "product_name": "PRM", + "version": { + "version_data": [ + { + "version_value": "R3.12.00 and earlier" + } + ] + } + }, + { + "product_name": "STARDOM VDS", + "version": { + "version_data": [ + { + "version_value": "R7.30.01 and earlier" + } + ] + } + }, + { + "product_name": "STARDOM OPC Server for Windows", + "version": { + "version_data": [ + { + "version_value": "R3.40 and earlier" + } + ] + } + }, + { + "product_name": "FAST/TOOLS", + "version": { + "version_data": [ + { + "version_value": "R10.01 and earlier" + } + ] + } + }, + { + "product_name": "B/M9000CS", + "version": { + "version_data": [ + { + "version_value": "R5.05.01 and earlier" + } + ] + } + }, + { + "product_name": "B/M9000 VP", + "version": { + "version_data": [ + { + "version_value": "R7.03.04 and earlier" + } + ] + } + }, + { + "product_name": "FieldMate", + "version": { + "version_data": [ + { + "version_value": "R1.01" + }, + { + "version_value": "R1.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01" + }, + { + "refsource": "CONFIRM", + "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf", + "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf" } ] } diff --git a/2015/5xxx/CVE-2015-5698.json b/2015/5xxx/CVE-2015-5698.json index 8fab2753854..547ca96d0ac 100644 --- a/2015/5xxx/CVE-2015-5698.json +++ b/2015/5xxx/CVE-2015-5698.json 
@@ -66,6 +66,11 @@ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf" } ] } diff --git a/2015/5xxx/CVE-2015-5741.json b/2015/5xxx/CVE-2015-5741.json index a1208b29f7b..72842260242 100644 --- a/2015/5xxx/CVE-2015-5741.json +++ b/2015/5xxx/CVE-2015-5741.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5741", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2015/q3/237", + "url": "http://seclists.org/oss-sec/2015/q3/237" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2015/q3/292", + "url": "http://seclists.org/oss-sec/2015/q3/292" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2015/q3/294", + "url": "http://seclists.org/oss-sec/2015/q3/294" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352" + }, + { + "refsource": "MISC", + "name": "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f", + "url": "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html" + }, + { + 
"refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html" } ] } diff --git a/2015/6xxx/CVE-2015-6000.json b/2015/6xxx/CVE-2015-6000.json index 2f2342e96b1..0323ac50155 100644 --- a/2015/6xxx/CVE-2015-6000.json +++ b/2015/6xxx/CVE-2015-6000.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2015-6000", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Upload" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vtiger", + "product": { + "product_data": [ + { + "product_name": "Vtiger CRM", + "version": { + "version_data": [ + { + "version_value": "6.3.0 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html", + "url": "http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/38345/", + "url": "https://www.exploit-db.com/exploits/38345/" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com//archive/1/536563/100/0/threaded", + "url": "http://www.securityfocus.com//archive/1/536563/100/0/threaded" } ] } diff --git a/2015/6xxx/CVE-2015-6589.json b/2015/6xxx/CVE-2015-6589.json index ff0624f5710..375b2f0b19f 100644 --- a/2015/6xxx/CVE-2015-6589.json +++ b/2015/6xxx/CVE-2015-6589.json 
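Review bot: The third added reference has a doubled slash after the host in both `name` and `url`, `http://www.securityfocus.com//archive/1/536563/100/0/threaded`. Exact-string de-duplication of references will treat it as a different link from the single-slash form, and `http://www.securityfocus.com/archive/1/536563/100/0/threaded` is presumably what was meant.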
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6589", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-450", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-450" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/38351/", + "url": "https://www.exploit-db.com/exploits/38351/" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/76838", + "url": "https://www.securityfocus.com/bid/76838" } ] } 
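Review bot: The new description in the `@@ -11,7 +11,66 @@` hunk has a stray dot in one version boundary, `8..0.0.0 before 8.0.0.23`, which breaks any version extraction run over the text; going by the neighbouring ranges it should read `8.0.0.0 before 8.0.0.23`. Because `affects` in this hunk is all `n/a`, the description is the only place the fixed-version boundaries are recorded, so the typo directly affects patch-level triage.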
diff --git a/2015/7xxx/CVE-2015-7508.json b/2015/7xxx/CVE-2015-7508.json index d865b25f191..4867cc07d6a 100644 --- a/2015/7xxx/CVE-2015-7508.json +++ b/2015/7xxx/CVE-2015-7508.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-7508", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Libnsbmp", + "version": { + "version_data": [ + { + "version_value": "0.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Dec/73", + "url": "http://seclists.org/fulldisclosure/2015/Dec/73" } ] } diff --git a/2015/7xxx/CVE-2015-7552.json b/2015/7xxx/CVE-2015-7552.json index 8dae1d32fe2..300ff936cad 100644 --- a/2015/7xxx/CVE-2015-7552.json +++ b/2015/7xxx/CVE-2015-7552.json 
@@ -76,6 +76,16 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=958963", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=958963" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-418ce730df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a718b79006", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/" } ] } diff --git a/2015/7xxx/CVE-2015-7890.json b/2015/7xxx/CVE-2015-7890.json index dcca7640a23..28f08873103 100644 --- a/2015/7xxx/CVE-2015-7890.json +++ b/2015/7xxx/CVE-2015-7890.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7890", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html" + }, + { + "refsource": "MISC", + "name": "https://code.google.com/p/google-security-research/issues/detail?id=491", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=491" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/38556/", + "url": "https://www.exploit-db.com/exploits/38556/" } ] } diff --git a/2015/8xxx/CVE-2015-8139.json b/2015/8xxx/CVE-2015-8139.json index 8b5886ba820..1889e3101d9 100644 --- a/2015/8xxx/CVE-2015-8139.json +++ b/2015/8xxx/CVE-2015-8139.json 
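Review bot: The new description runs the device path into the next word, `/dev/seirenin the Exynos Seiren Audio driver`; it should read `/dev/seiren in the Exynos Seiren Audio driver`. As written, a search of the record for the device node name does not match, and `affects` in this hunk is all `n/a`, so the description is the only field that identifies the driver.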
@@ -136,6 +136,11 @@ "name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0003/" } ] } diff --git a/2015/8xxx/CVE-2015-8140.json b/2015/8xxx/CVE-2015-8140.json index e6fcb43c876..6ded830a6d1 100644 --- a/2015/8xxx/CVE-2015-8140.json +++ b/2015/8xxx/CVE-2015-8140.json @@ -116,6 +116,11 @@ "name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0003/" } ] } diff --git a/2015/8xxx/CVE-2015-8214.json b/2015/8xxx/CVE-2015-8214.json index 03863f55a5a..44ff009d7a3 100644 --- a/2015/8xxx/CVE-2015-8214.json +++ b/2015/8xxx/CVE-2015-8214.json @@ -66,6 +66,11 @@ "name": "1034279", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034279" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf" } ] } diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index 6c6aa7e5dbd..68f38951d9a 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json @@ -196,6 +196,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0481", + "url": "https://access.redhat.com/errata/RHSA-2020:0481" } ] } diff --git a/2015/9xxx/CVE-2015-9542.json b/2015/9xxx/CVE-2015-9542.json new file mode 100644 index 00000000000..6bc117376f0 --- /dev/null +++ b/2015/9xxx/CVE-2015-9542.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-9542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0706.json b/2016/0xxx/CVE-2016-0706.json index a961adc15f4..f28e555e56c 100644 --- a/2016/0xxx/CVE-2016-0706.json +++ b/2016/0xxx/CVE-2016-0706.json @@ -266,6 +266,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/0xxx/CVE-2016-0714.json b/2016/0xxx/CVE-2016-0714.json index 0caf9e86f50..bbb43701054 100644 --- a/2016/0xxx/CVE-2016-0714.json +++ b/2016/0xxx/CVE-2016-0714.json 
@@ -291,6 +291,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/0xxx/CVE-2016-0762.json b/2016/0xxx/CVE-2016-0762.json index 6b916eb6160..dc45ca04424 100644 --- a/2016/0xxx/CVE-2016-0762.json +++ b/2016/0xxx/CVE-2016-0762.json @@ -159,6 +159,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2016/0xxx/CVE-2016-0763.json b/2016/0xxx/CVE-2016-0763.json index adee427ba88..305adb0a937 100644 --- a/2016/0xxx/CVE-2016-0763.json +++ b/2016/0xxx/CVE-2016-0763.json 
@@ -211,6 +211,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
 "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/0xxx/CVE-2016-0800.json b/2016/0xxx/CVE-2016-0800.json
index 1251145f8b3..af759a0d2f4 100644
--- a/2016/0xxx/CVE-2016-0800.json
+++ b/2016/0xxx/CVE-2016-0800.json
@@ -351,6 +351,11 @@
 "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
 "refsource": "CONFIRM",
 "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"
 }
 ]
 }
diff --git a/2016/1000xxx/CVE-2016-1000103.json b/2016/1000xxx/CVE-2016-1000103.json
index c5bfc1e98b5..b58f5a013ce 100644
--- a/2016/1000xxx/CVE-2016-1000103.json
+++ b/2016/1000xxx/CVE-2016-1000103.json
@@ -1,71 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2016-1000103",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-1000103",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A Security Bypass vulnerability exists in Nginx 2016-07-07 in the HTTP_PROXY variable, which could let a malicious user redirect outbound HTTP traffic"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "http://www.securityfocus.com/bid/91819",
- "refsource": "MISC",
- "name": "http://www.securityfocus.com/bid/91819"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353758",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353758"
- },
- {
- "refsource": "MISC",
- "name": "https://www.ibm.com/support/pages/node/556747",
- "url": "https://www.ibm.com/support/pages/node/556747"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2016/10xxx/CVE-2016-10867.json b/2016/10xxx/CVE-2016-10867.json
index 73db2b9115b..2a9bc541ec7 100644
--- a/2016/10xxx/CVE-2016-10867.json
+++ b/2016/10xxx/CVE-2016-10867.json
@@ -56,6 +56,11 @@
 "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers",
 "refsource": "MISC",
 "name": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9736",
+ "url": "https://wpvulndb.com/vulnerabilities/9736"
 }
 ]
 }
diff --git a/2016/10xxx/CVE-2016-10878.json b/2016/10xxx/CVE-2016-10878.json
index c029db96c97..dc1b9274bcb 100644
--- a/2016/10xxx/CVE-2016-10878.json
+++ b/2016/10xxx/CVE-2016-10878.json
@@ -56,6 +56,11 @@
 "url": "https://wordpress.org/plugins/wp-google-map-plugin/#developers",
 "refsource": "MISC",
 "name": "https://wordpress.org/plugins/wp-google-map-plugin/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9741",
+ "url": "https://wpvulndb.com/vulnerabilities/9741"
 }
 ]
 }
diff --git a/2016/10xxx/CVE-2016-10945.json b/2016/10xxx/CVE-2016-10945.json
index d8ec9eb48ee..17255d1cf16 100644
--- a/2016/10xxx/CVE-2016-10945.json
+++ b/2016/10xxx/CVE-2016-10945.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8681",
+ "url": "https://wpvulndb.com/vulnerabilities/8681"
+ },
 {
 "url": "https://klikki.fi/adv/pagelines.html",
 "refsource": "MISC",
diff --git a/2016/10xxx/CVE-2016-10953.json b/2016/10xxx/CVE-2016-10953.json
index cea42f291d3..e821e9c7a99 100644
--- a/2016/10xxx/CVE-2016-10953.json
+++ b/2016/10xxx/CVE-2016-10953.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8641",
+ "url": "https://wpvulndb.com/vulnerabilities/8641"
+ },
 {
 "url": "https://wptavern.com/headway-3-8-9-patches-potential-xss-vulnerability",
 "refsource": "MISC",
diff --git a/2016/10xxx/CVE-2016-10954.json b/2016/10xxx/CVE-2016-10954.json
index 7c71dfd7d42..064df0cf59d 100644
--- a/2016/10xxx/CVE-2016-10954.json
+++ b/2016/10xxx/CVE-2016-10954.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8622",
+ "url": "https://wpvulndb.com/vulnerabilities/8622"
+ },
 {
 "url": "https://lifeforms.nl/20160919/unrestricted-upload-neosense",
 "refsource": "MISC",
diff --git a/2016/10xxx/CVE-2016-10961.json b/2016/10xxx/CVE-2016-10961.json
index dc1c6eba3f5..a32771c4e14 100644
--- a/2016/10xxx/CVE-2016-10961.json
+++ b/2016/10xxx/CVE-2016-10961.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8568",
+ "url": "https://wpvulndb.com/vulnerabilities/8568"
+ },
 {
 "url": "https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_colorway_wordpress_theme.html",
 "refsource": "MISC",
diff --git a/2016/10xxx/CVE-2016-10993.json b/2016/10xxx/CVE-2016-10993.json
index e0dd6610be1..1436133a6e3 100644
--- a/2016/10xxx/CVE-2016-10993.json
+++ b/2016/10xxx/CVE-2016-10993.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8431",
+ "url": "https://wpvulndb.com/vulnerabilities/8431"
+ },
 {
 "url": "https://www.vulnerability-lab.com/get_content.php?id=1808",
 "refsource": "MISC",
diff --git a/2016/10xxx/CVE-2016-10994.json b/2016/10xxx/CVE-2016-10994.json
index a4d58e8859f..291dc4ba3b8 100644
--- a/2016/10xxx/CVE-2016-10994.json
+++ b/2016/10xxx/CVE-2016-10994.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8478",
+ "url": "https://wpvulndb.com/vulnerabilities/8478"
+ },
 {
 "url": "https://www.vulnerability-lab.com/get_content.php?id=1839",
 "refsource": "MISC",
diff --git a/2016/11xxx/CVE-2016-11019.json b/2016/11xxx/CVE-2016-11019.json
new file mode 100644
index 00000000000..7ddfb174e34
--- /dev/null
+++ b/2016/11xxx/CVE-2016-11019.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-11019",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/1xxx/CVE-2016-1544.json b/2016/1xxx/CVE-2016-1544.json
index 4b1e08d1c48..d441f5bd9f8 100644
--- a/2016/1xxx/CVE-2016-1544.json
+++ b/2016/1xxx/CVE-2016-1544.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "cert@cert.org",
 "ID": "CVE-2016-1544",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,76 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nghttp2",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "nghttp2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 1.7.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308461",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308461"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/nghttp2/nghttp2/releases/tag/v1.7.1",
+ "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.7.1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1",
+ "url": "https://github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gentoo.org/glsa/201612-13",
+ "url": "https://security.gentoo.org/glsa/201612-13"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2033.json b/2016/2xxx/CVE-2016-2033.json
index a5d03f7328a..6cd70dc6b11 100644
--- a/2016/2xxx/CVE-2016-2033.json
+++ b/2016/2xxx/CVE-2016-2033.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2016-2033",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-2033",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to 6.5.6 and 6.6.0 includes SQL injection issues, unauthenticated arbitrary file read via XXE, remote root command execution, and elevated privilege issues."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "CONFIRM",
- "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-008.txt",
- "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-008.txt"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was associated with multiple vulnerabilities. Notes: none"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2200.json b/2016/2xxx/CVE-2016-2200.json
index c07db0bd09e..5ccba5c5bd1 100644
--- a/2016/2xxx/CVE-2016-2200.json
+++ b/2016/2xxx/CVE-2016-2200.json
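Review bot: The new REJECT text for CVE-2016-2033 gives `ConsultIDs: none` while stating that the candidate was associated with multiple vulnerabilities, so anyone tracking the removed ClearPass SQL injection, XXE and command-execution issues under this ID is left with neither a successor ID nor the vendor advisory link that the hunk deletes. If split IDs were assigned they belong in `ConsultIDs:`; whether any exist cannot be confirmed from this diff. The closing `Notes: none` also lacks the final period that the CVE-2016-1000103 reject text in this commit carries.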
@@ -71,6 +71,11 @@
 "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02",
 "refsource": "MISC",
 "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2201.json b/2016/2xxx/CVE-2016-2201.json
index 4313351f973..6e0ba6e451c 100644
--- a/2016/2xxx/CVE-2016-2201.json
+++ b/2016/2xxx/CVE-2016-2201.json
@@ -71,6 +71,11 @@
 "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02",
 "refsource": "MISC",
 "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2846.json b/2016/2xxx/CVE-2016-2846.json
index 8d89e92a730..40c797f08fa 100644
--- a/2016/2xxx/CVE-2016-2846.json
+++ b/2016/2xxx/CVE-2016-2846.json
@@ -61,6 +61,11 @@
 "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-075-01",
 "refsource": "MISC",
 "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-075-01"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf"
 }
 ]
 }
diff --git a/2016/3xxx/CVE-2016-3092.json b/2016/3xxx/CVE-2016-3092.json
index 1a5a07ef909..0cac7962ec4 100644
--- a/2016/3xxx/CVE-2016-3092.json
+++ b/2016/3xxx/CVE-2016-3092.json
@@ -281,6 +281,11 @@
 "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/3xxx/CVE-2016-3427.json b/2016/3xxx/CVE-2016-3427.json
index 78b6de8f4bc..e7049daf927 100644
--- a/2016/3xxx/CVE-2016-3427.json
+++ b/2016/3xxx/CVE-2016-3427.json
@@ -321,6 +321,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/3xxx/CVE-2016-3949.json b/2016/3xxx/CVE-2016-3949.json
index f3effd8acf3..94695466d7f 100644
--- a/2016/3xxx/CVE-2016-3949.json
+++ b/2016/3xxx/CVE-2016-3949.json
@@ -66,6 +66,11 @@
 "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01",
 "refsource": "MISC",
 "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
 }
 ]
 }
diff --git a/2016/5xxx/CVE-2016-5018.json b/2016/5xxx/CVE-2016-5018.json
index 2f34b861cc4..eb292bc1f60 100644
--- a/2016/5xxx/CVE-2016-5018.json
+++ b/2016/5xxx/CVE-2016-5018.json
@@ -194,6 +194,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/5xxx/CVE-2016-5710.json b/2016/5xxx/CVE-2016-5710.json
index c200a4c3d74..02a0e30f34c 100644
--- a/2016/5xxx/CVE-2016-5710.json
+++ b/2016/5xxx/CVE-2016-5710.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2016-5710",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +11,52 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://kb.netapp.com/support/s/article/cve-2016-5710-clickjacking-vulnerability-in-snap-creator-framework",
+ "url": "https://kb.netapp.com/support/s/article/cve-2016-5710-clickjacking-vulnerability-in-snap-creator-framework"
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6794.json b/2016/6xxx/CVE-2016-6794.json
index 72b9e5132b2..ba22f6c8b4b 100644
--- a/2016/6xxx/CVE-2016-6794.json
+++ b/2016/6xxx/CVE-2016-6794.json
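Review bot: The added `affects` block for CVE-2016-5710 leaves `vendor_name`, `product_name` and `version_value` all at `n/a`, although the description added in the same hunk names NetApp Snap Creator Framework before 4.3P1. Scanners and inventory tools that match on the structured fields rather than the free text will not associate this record with the product. Suggest `"vendor_name": "NetApp"`, `"product_name": "Snap Creator Framework"` and `"version_value": "before 4.3P1"`, following the form used for CVE-2016-1544 in this commit. `problemtype` is likewise `n/a` for what the description calls clickjacking.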
@@ -169,6 +169,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/6xxx/CVE-2016-6796.json b/2016/6xxx/CVE-2016-6796.json
index a921e548f2f..bbb8c1453c8 100644
--- a/2016/6xxx/CVE-2016-6796.json
+++ b/2016/6xxx/CVE-2016-6796.json
@@ -199,6 +199,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/6xxx/CVE-2016-6797.json b/2016/6xxx/CVE-2016-6797.json
index c964a63d352..3cbd210b667 100644
--- a/2016/6xxx/CVE-2016-6797.json
+++ b/2016/6xxx/CVE-2016-6797.json
@@ -169,6 +169,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/6xxx/CVE-2016-6808.json b/2016/6xxx/CVE-2016-6808.json
index f63970da6c4..9ad6c20ccd4 100644
--- a/2016/6xxx/CVE-2016-6808.json
+++ b/2016/6xxx/CVE-2016-6808.json
@@ -121,6 +121,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/6xxx/CVE-2016-6816.json b/2016/6xxx/CVE-2016-6816.json
index 0fd7537fa38..4fd62df9e04 100644
--- a/2016/6xxx/CVE-2016-6816.json
+++ b/2016/6xxx/CVE-2016-6816.json
@@ -231,6 +231,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/7xxx/CVE-2016-7523.json b/2016/7xxx/CVE-2016-7523.json
index 60707038e70..8d77c489650 100644
--- a/2016/7xxx/CVE-2016-7523.json
+++ b/2016/7xxx/CVE-2016-7523.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2016-7523",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ImageMagick",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ImageMagick",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 7.0.1-0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/09/22/2",
+ "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537420",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537420"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378754",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378754"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/94",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/94"
 }
 ]
 }
diff --git a/2016/7xxx/CVE-2016-7524.json b/2016/7xxx/CVE-2016-7524.json
index ef6f9919c29..2bbfb02049b 100644
--- a/2016/7xxx/CVE-2016-7524.json
+++ b/2016/7xxx/CVE-2016-7524.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2016-7524",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
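Review bot: `problemtype` for CVE-2016-7523 is set to `Buffer Overflow`, but the description added in the same hunk gives the impact as a denial of service through an out-of-bounds read; the label should match the description, e.g. `"value": "Out-of-bounds Read"`. The CVE-2016-7524 hunk that follows carries a word-for-word identical description with `problemtype` `Other`, so the two records can only be told apart by their references (ImageMagick issues 94 and 96). A distinguishing detail in each description would let triage separate them without opening the links; this diff does not show what that detail is. The 7523 record also tags its ImageMagick issue link `MISC`, while 7524 tags its ImageMagick links `CONFIRM`.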
@@ -11,7 +11,76 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ImageMagick",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ImageMagick",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 7.0.1-0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/96",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/96"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/09/22/2",
+ "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537422",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537422"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378762",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378762"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6",
+ "url": "https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ImageMagick/ImageMagick/commit/97c9f438a9b3454d085895f4d1f66389fd22a0fb",
+ "url": "https://github.com/ImageMagick/ImageMagick/commit/97c9f438a9b3454d085895f4d1f66389fd22a0fb"
 }
 ]
 }
diff --git a/2016/8xxx/CVE-2016-8561.json b/2016/8xxx/CVE-2016-8561.json
index 386c189b6b6..29346cd1f51 100644
--- a/2016/8xxx/CVE-2016-8561.json
+++ b/2016/8xxx/CVE-2016-8561.json
@@ -66,6 +66,11 @@
 "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
 "refsource": "CONFIRM",
 "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
 }
 ]
 }
diff --git a/2016/8xxx/CVE-2016-8562.json b/2016/8xxx/CVE-2016-8562.json
index 30fc43bab30..95846a45a3f 100644
--- a/2016/8xxx/CVE-2016-8562.json
+++ b/2016/8xxx/CVE-2016-8562.json
@@ -66,6 +66,11 @@
 "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
 "refsource": "CONFIRM",
 "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
 }
 ]
 }
diff --git a/2016/8xxx/CVE-2016-8735.json b/2016/8xxx/CVE-2016-8735.json
index a245c3abe95..d48de9e9506 100644
--- a/2016/8xxx/CVE-2016-8735.json
+++ b/2016/8xxx/CVE-2016-8735.json
@@ -228,6 +228,16 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/8xxx/CVE-2016-8745.json b/2016/8xxx/CVE-2016-8745.json
index 316f45b1ae6..31828d5140d 100644
--- a/2016/8xxx/CVE-2016-8745.json
+++ b/2016/8xxx/CVE-2016-8745.json
@@ -199,6 +199,21 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/8xxx/CVE-2016-8747.json b/2016/8xxx/CVE-2016-8747.json
index 9ef19096199..7551bb1485c 100644
--- a/2016/8xxx/CVE-2016-8747.json
+++ b/2016/8xxx/CVE-2016-8747.json
@@ -109,6 +109,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2016/9xxx/CVE-2016-9652.json b/2016/9xxx/CVE-2016-9652.json
index c342a983b3d..8d654fc59c5 100644
--- a/2016/9xxx/CVE-2016-9652.json
+++ b/2016/9xxx/CVE-2016-9652.json
@@ -8,7 +8,6 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Google",
 "product": {
 "product_data": [
 {
@@ -16,13 +15,14 @@
 "version": {
 "version_data": [
 {
- "version_value": "before 55.0.2883.75"
+ "version_value": "55.0"
 }
 ]
 }
 }
 ]
- }
+ },
+ "vendor_name": "Google"
 }
 ]
 }
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Unspecified vulnerabilities in Google Chrome before 55.0.2883.75."
+ "value": "Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75."
 }
 ]
 },
@@ -44,7 +44,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "various fixes from internal audits"
+ "value": "mixed"
 }
 ]
 }
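Review bot: In the `@@ -16,13 +15,14 @@` hunk `version_value` goes from `before 55.0.2883.75` to `55.0`, which drops the fixed-build boundary that the description still states and reads as an affected version rather than an upper bound. Consumers that compare against the structured field can no longer tell patched 55.0 builds from unpatched ones; keeping `"version_value": "before 55.0.2883.75"` avoids that. The `@@ -44,7 +44,7 @@` hunk likewise replaces `various fixes from internal audits` with `mixed`, which says less about the problem type than the text it removes.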
@@ -56,6 +56,61 @@ "refsource": "CONFIRM", "name": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" + }, + { + "url": "http://www.debian.org/security/2016/dsa-3731", + "refsource": "MISC", + "name": "http://www.debian.org/security/2016/dsa-3731" + }, + { + "url": "http://www.securityfocus.com/bid/94633", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94633" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2016-2919.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LV2U7SINGF3SBK7HVKSWFOYLQBUH6PUE/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LV2U7SINGF3SBK7HVKSWFOYLQBUH6PUE/" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00042.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00042.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LGZO2VOGJOZUUXNQITD6YMIUQ2L5GTU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LGZO2VOGJOZUUXNQITD6YMIUQ2L5GTU/" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html" + }, + { + "url": "https://security.gentoo.org/glsa/201612-11", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201612-11" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3153-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3153-1" + }, + { + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZECS3A7ULG4B4YXBKUZMA3NTQBE5HGU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZECS3A7ULG4B4YXBKUZMA3NTQBE5HGU/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=669928", + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=669928" } ] } diff --git a/2016/9xxx/CVE-2016-9928.json b/2016/9xxx/CVE-2016-9928.json index efe6aa98140..6d578ef48da 100644 --- a/2016/9xxx/CVE-2016-9928.json +++ b/2016/9xxx/CVE-2016-9928.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2016-9928", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
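Review bot: The ten distribution and tracker references added in the `@@ -56,6 +56,61 @@` hunk are all tagged `"refsource": "MISC"` with the URL repeated as `name`, while other records in this same commit label the same kinds of advisory by source, for example `"refsource": "UBUNTU", "name": "USN-4266-1"` and `"refsource": "DEBIAN", "name": "DSA-4624"`. Tooling that filters references by `refsource` to find vendor fixes would skip these entries. I would tag them by source, e.g. `"refsource": "UBUNTU", "name": "USN-3153-1"` for the ubuntu.com link and `"refsource": "DEBIAN", "name": "DSA-3731"` for the debian.org one, and likewise for the Red Hat, Fedora, openSUSE, Gentoo and BID links.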
@@ -11,7 +11,86 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MCabber", + "product": { + "product_data": [ + { + "product_name": "MCabber", + "version": { + "version_data": [ + { + "version_value": "before 1.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1403790", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403790" + }, + { + "refsource": "CONFIRM", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258" + }, + { + "refsource": "CONFIRM", + "name": "https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw", + "url": "https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw" + }, + { + "refsource": "MISC", + "name": "https://gultsch.de/gajim_roster_push_and_message_interception.html", + "url": "https://gultsch.de/gajim_roster_push_and_message_interception.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/02/09/29", + "url": "http://www.openwall.com/lists/oss-security/2017/02/09/29" + }, + { + "refsource": "MISC", + "name": 
"http://www.openwall.com/lists/oss-security/2016/12/11/2", + "url": "http://www.openwall.com/lists/oss-security/2016/12/11/2" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94862", + "url": "http://www.securityfocus.com/bid/94862" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html" } ] } diff --git a/2017/0xxx/CVE-2017-0143.json b/2017/0xxx/CVE-2017-0143.json index dd6673bfede..539e5e2fd54 100644 --- a/2017/0xxx/CVE-2017-0143.json +++ b/2017/0xxx/CVE-2017-0143.json @@ -101,6 +101,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html", "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html" } ] } diff --git a/2017/0xxx/CVE-2017-0144.json b/2017/0xxx/CVE-2017-0144.json index 30490104140..8572a076ef8 100644 --- a/2017/0xxx/CVE-2017-0144.json +++ b/2017/0xxx/CVE-2017-0144.json @@ -106,6 +106,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html", "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html" } ] } diff --git a/2017/0xxx/CVE-2017-0145.json b/2017/0xxx/CVE-2017-0145.json index dbef208a82e..4d31abe3240 100644 --- a/2017/0xxx/CVE-2017-0145.json +++ b/2017/0xxx/CVE-2017-0145.json 
@@ -96,6 +96,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html", "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html" } ] } diff --git a/2017/0xxx/CVE-2017-0146.json b/2017/0xxx/CVE-2017-0146.json index abae8e5f8e9..3b7cc38eb0e 100644 --- a/2017/0xxx/CVE-2017-0146.json +++ b/2017/0xxx/CVE-2017-0146.json @@ -101,6 +101,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html", "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html" } ] } diff --git a/2017/0xxx/CVE-2017-0147.json b/2017/0xxx/CVE-2017-0147.json index a67e46f7b77..d35d5b5f860 100644 --- a/2017/0xxx/CVE-2017-0147.json +++ b/2017/0xxx/CVE-2017-0147.json @@ -101,6 +101,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html", "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html" } ] } diff --git a/2017/0xxx/CVE-2017-0148.json b/2017/0xxx/CVE-2017-0148.json index 269ecfe8128..e94de183d0a 100644 --- a/2017/0xxx/CVE-2017-0148.json 
+++ b/2017/0xxx/CVE-2017-0148.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html", "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html" } ] } diff --git a/2017/1000xxx/CVE-2017-1000159.json b/2017/1000xxx/CVE-2017-1000159.json index 74aabaa1583..1c398000563 100644 --- a/2017/1000xxx/CVE-2017-1000159.json +++ b/2017/1000xxx/CVE-2017-1000159.json @@ -78,6 +78,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4624", + "url": "https://www.debian.org/security/2020/dsa-4624" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4624-1] evince security update", + "url": "https://seclists.org/bugtraq/2020/Feb/18" } ] } diff --git a/2017/11xxx/CVE-2017-11124.json b/2017/11xxx/CVE-2017-11124.json index c027d33a918..4695eb22a22 100644 --- a/2017/11xxx/CVE-2017-11124.json +++ b/2017/11xxx/CVE-2017-11124.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-bbd24dd0cf", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-edf53cd770", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC/" } ] } diff --git a/2017/11xxx/CVE-2017-11125.json b/2017/11xxx/CVE-2017-11125.json index 08c4079b096..8bbedf8194f 100644 --- a/2017/11xxx/CVE-2017-11125.json 
+++ b/2017/11xxx/CVE-2017-11125.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-bbd24dd0cf", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-edf53cd770", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC/" } ] } diff --git a/2017/12xxx/CVE-2017-12615.json b/2017/12xxx/CVE-2017-12615.json index 713cb1c4b61..849085562ed 100644 --- a/2017/12xxx/CVE-2017-12615.json +++ b/2017/12xxx/CVE-2017-12615.json @@ -142,6 +142,11 @@ "refsource": "MLIST", "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019", "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/12xxx/CVE-2017-12616.json b/2017/12xxx/CVE-2017-12616.json index 6f04a663f56..b4a4798148d 100644 --- a/2017/12xxx/CVE-2017-12616.json +++ b/2017/12xxx/CVE-2017-12616.json @@ -117,6 +117,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" } ] } 
diff --git a/2017/12xxx/CVE-2017-12617.json b/2017/12xxx/CVE-2017-12617.json index 697ddcfe9b0..e69a191b1ef 100644 --- a/2017/12xxx/CVE-2017-12617.json +++ b/2017/12xxx/CVE-2017-12617.json @@ -266,6 +266,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/12xxx/CVE-2017-12762.json b/2017/12xxx/CVE-2017-12762.json index ed96d7beef5..097c62b5e2d 100644 --- a/2017/12xxx/CVE-2017-12762.json +++ b/2017/12xxx/CVE-2017-12762.json 
@@ -71,6 +71,21 @@ "name": "USN-3620-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-1/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200211 Potential regression and/or incomplete fix for CVE-2017-12762", + "url": "http://www.openwall.com/lists/oss-security/2020/02/11/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200211 Re: Potential regression and/or incomplete fix for CVE-2017-12762", + "url": "http://www.openwall.com/lists/oss-security/2020/02/11/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200214 Re: Potential regression and/or incomplete fix for CVE-2017-12762", + "url": "http://www.openwall.com/lists/oss-security/2020/02/14/4" } ] } diff --git a/2017/13xxx/CVE-2017-13082.json b/2017/13xxx/CVE-2017-13082.json index 17267bfde59..ff96241389e 100644 --- a/2017/13xxx/CVE-2017-13082.json +++ b/2017/13xxx/CVE-2017-13082.json @@ -179,6 +179,11 @@ "name": "USN-3455-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3455-1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0222", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html" } ] } diff --git a/2017/15xxx/CVE-2017-15698.json b/2017/15xxx/CVE-2017-15698.json index 7f779660289..4be5673fb53 100644 --- a/2017/15xxx/CVE-2017-15698.json +++ b/2017/15xxx/CVE-2017-15698.json @@ -100,6 +100,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E" } ] } 
diff --git a/2017/15xxx/CVE-2017-15706.json b/2017/15xxx/CVE-2017-15706.json index 6bde9828037..bd87ae2d86a 100644 --- a/2017/15xxx/CVE-2017-15706.json +++ b/2017/15xxx/CVE-2017-15706.json @@ -141,6 +141,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/16xxx/CVE-2017-16808.json b/2017/16xxx/CVE-2017-16808.json index 66812441888..cab39bcaa1a 100644 --- a/2017/16xxx/CVE-2017-16808.json +++ b/2017/16xxx/CVE-2017-16808.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17912.json b/2017/17xxx/CVE-2017-17912.json index 90c26df60c7..bb2fc3cf588 100644 --- a/2017/17xxx/CVE-2017-17912.json +++ b/2017/17xxx/CVE-2017-17912.json 
@@ -76,6 +76,11 @@ "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f", "refsource": "CONFIRM", "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f" + }, + { + "refsource": "UBUNTU", + "name": "USN-4266-1", + "url": "https://usn.ubuntu.com/4266-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17913.json b/2017/17xxx/CVE-2017-17913.json index 2aecbfbad3e..b017dcd4cf1 100644 --- a/2017/17xxx/CVE-2017-17913.json +++ b/2017/17xxx/CVE-2017-17913.json @@ -66,6 +66,11 @@ "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f", "refsource": "CONFIRM", "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f" + }, + { + "refsource": "UBUNTU", + "name": "USN-4266-1", + "url": "https://usn.ubuntu.com/4266-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17915.json b/2017/17xxx/CVE-2017-17915.json index b8132306762..8e928b83866 100644 --- a/2017/17xxx/CVE-2017-17915.json +++ b/2017/17xxx/CVE-2017-17915.json @@ -76,6 +76,11 @@ "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4266-1", + "url": "https://usn.ubuntu.com/4266-1/" } ] } diff --git a/2017/18xxx/CVE-2017-18187.json b/2017/18xxx/CVE-2017-18187.json index 02098dea60f..05098e955df 100644 --- a/2017/18xxx/CVE-2017-18187.json +++ b/2017/18xxx/CVE-2017-18187.json @@ -81,6 +81,11 @@ "name": "103055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103055" + }, + { + "refsource": "UBUNTU", + "name": "USN-4267-1", + "url": "https://usn.ubuntu.com/4267-1/" } ] } diff --git a/2017/18xxx/CVE-2017-18189.json b/2017/18xxx/CVE-2017-18189.json index ad83c691c84..a5a6be74219 100644 --- a/2017/18xxx/CVE-2017-18189.json +++ b/2017/18xxx/CVE-2017-18189.json 
@@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-1dfaa1963b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-cb7b7181a0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX/" } ] } diff --git a/2017/18xxx/CVE-2017-18219.json b/2017/18xxx/CVE-2017-18219.json index d8cb367d57b..a0f27919a7c 100644 --- a/2017/18xxx/CVE-2017-18219.json +++ b/2017/18xxx/CVE-2017-18219.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4266-1", + "url": "https://usn.ubuntu.com/4266-1/" } ] } diff --git a/2017/18xxx/CVE-2017-18229.json b/2017/18xxx/CVE-2017-18229.json index 6ba65e3c7b8..8db8ee0fedd 100644 --- a/2017/18xxx/CVE-2017-18229.json +++ b/2017/18xxx/CVE-2017-18229.json @@ -76,6 +76,11 @@ "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4266-1", + "url": "https://usn.ubuntu.com/4266-1/" } ] } diff --git a/2017/18xxx/CVE-2017-18230.json b/2017/18xxx/CVE-2017-18230.json index ca33507df94..2ae67a82b70 100644 --- a/2017/18xxx/CVE-2017-18230.json +++ b/2017/18xxx/CVE-2017-18230.json @@ -76,6 +76,11 @@ "name": "https://sourceforge.net/p/graphicsmagick/bugs/473/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/graphicsmagick/bugs/473/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4266-1", + "url": "https://usn.ubuntu.com/4266-1/" } ] } 
diff --git a/2017/18xxx/CVE-2017-18231.json b/2017/18xxx/CVE-2017-18231.json index cf93c1aaceb..12a2965c583 100644 --- a/2017/18xxx/CVE-2017-18231.json +++ b/2017/18xxx/CVE-2017-18231.json @@ -76,6 +76,11 @@ "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4266-1", + "url": "https://usn.ubuntu.com/4266-1/" } ] } diff --git a/2017/18xxx/CVE-2017-18538.json b/2017/18xxx/CVE-2017-18538.json index 4b6d957fbb0..ae98cd7688a 100644 --- a/2017/18xxx/CVE-2017-18538.json +++ b/2017/18xxx/CVE-2017-18538.json @@ -56,6 +56,11 @@ "url": "https://wordpress.org/plugins/weblibrarian/#developers", "refsource": "MISC", "name": "https://wordpress.org/plugins/weblibrarian/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9723", + "url": "https://wpvulndb.com/vulnerabilities/9723" } ] } diff --git a/2017/18xxx/CVE-2017-18640.json b/2017/18xxx/CVE-2017-18640.json index 86f0c0cc1e6..abc4852d04a 100644 --- a/2017/18xxx/CVE-2017-18640.json +++ b/2017/18xxx/CVE-2017-18640.json @@ -61,6 +61,11 @@ "url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages", "refsource": "MISC", "name": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages" + }, + { + "refsource": "MISC", + "name": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack", + "url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack" } ] } diff --git a/2017/18xxx/CVE-2017-18641.json b/2017/18xxx/CVE-2017-18641.json new file mode 100644 index 00000000000..515ff03731c --- /dev/null +++ b/2017/18xxx/CVE-2017-18641.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-18641",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/18xxx/CVE-2017-18642.json b/2017/18xxx/CVE-2017-18642.json
new file mode 100644
index 00000000000..af29edc5b98
--- /dev/null
+++ b/2017/18xxx/CVE-2017-18642.json
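Review bot: The new CVE-2017-18641 record leaves `product_name`, `version_value`, `vendor_name` and the problem type at `"n/a"` although its description names the product and version ("In LXC 2.0"), so anything that matches on the `affects` block will not associate this entry with LXC. I would at least set `"product_name": "LXC"` and `"version_value": "2.0"`, leaving the vendor string to the assigner. The description (code fetched over cleartext HTTP with no signature check before it runs) reads like a download-without-integrity-check weakness, possibly CWE-494, which the assigner could confirm and record as the problem type instead of `"n/a"`. CVE-2017-18642.json, added next in this commit, has the same `"n/a"` fields while its description names Syska Smart Bulb devices.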
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://iayanpahwa.github.io/Reverse-Engineering-IoT-Devices/", + "refsource": "MISC", + "name": "https://iayanpahwa.github.io/Reverse-Engineering-IoT-Devices/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3146.json b/2017/3xxx/CVE-2017-3146.json index ac58c45a4e3..e8b14cc4b94 100644 --- a/2017/3xxx/CVE-2017-3146.json +++ b/2017/3xxx/CVE-2017-3146.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-3146", - "STATE": "RESERVED" + "STATE": "REJECT" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,8 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019." } ] } -} \ No newline at end of file +} 
diff --git a/2017/3xxx/CVE-2017-3147.json b/2017/3xxx/CVE-2017-3147.json index 220780bb21f..b658f123536 100644 --- a/2017/3xxx/CVE-2017-3147.json +++ b/2017/3xxx/CVE-2017-3147.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-3147", - "STATE": "RESERVED" + "STATE": "REJECT" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,8 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019." } ] } -} \ No newline at end of file +} diff --git a/2017/3xxx/CVE-2017-3148.json b/2017/3xxx/CVE-2017-3148.json index 661b9cd7cfd..d11fb6edfd5 100644 --- a/2017/3xxx/CVE-2017-3148.json +++ b/2017/3xxx/CVE-2017-3148.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-3148", - "STATE": "RESERVED" + "STATE": "REJECT" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,8 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019." } ] } -} \ No newline at end of file +} diff --git a/2017/3xxx/CVE-2017-3149.json b/2017/3xxx/CVE-2017-3149.json index 122aac644e0..c98d6edf1b5 100644 --- a/2017/3xxx/CVE-2017-3149.json +++ b/2017/3xxx/CVE-2017-3149.json 
@@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-3149", - "STATE": "RESERVED" + "STATE": "REJECT" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,8 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019." } ] } -} \ No newline at end of file +} diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 1e57c852c37..4ef8636d811 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json @@ -351,6 +351,11 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3Cissues.activemq.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5647.json b/2017/5xxx/CVE-2017-5647.json index ea85eed9cc2..e0715d71801 100644 --- a/2017/5xxx/CVE-2017-5647.json +++ b/2017/5xxx/CVE-2017-5647.json 
@@ -218,6 +218,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5648.json b/2017/5xxx/CVE-2017-5648.json index a4a0c3c7065..bbd806d1c57 100644 --- a/2017/5xxx/CVE-2017-5648.json +++ b/2017/5xxx/CVE-2017-5648.json 
@@ -150,6 +150,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5650.json b/2017/5xxx/CVE-2017-5650.json index d48c0fe9bde..a8e4a078444 100644 --- a/2017/5xxx/CVE-2017-5650.json +++ b/2017/5xxx/CVE-2017-5650.json @@ -114,6 +114,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5651.json b/2017/5xxx/CVE-2017-5651.json index ad6bf2c22d7..e93be416693 100644 --- a/2017/5xxx/CVE-2017-5651.json +++ b/2017/5xxx/CVE-2017-5651.json 
@@ -124,6 +124,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5664.json b/2017/5xxx/CVE-2017-5664.json index ebca4a920a8..7f804460736 100644 --- a/2017/5xxx/CVE-2017-5664.json +++ b/2017/5xxx/CVE-2017-5664.json @@ -240,6 +240,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5689.json b/2017/5xxx/CVE-2017-5689.json index d3b2010c7b3..037c9f0924b 100644 --- a/2017/5xxx/CVE-2017-5689.json +++ b/2017/5xxx/CVE-2017-5689.json 
@@ -101,6 +101,11 @@ "name": "https://www.embedi.com/news/mythbusters-cve-2017-5689", "refsource": "MISC", "url": "https://www.embedi.com/news/mythbusters-cve-2017-5689" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf" } ] } diff --git a/2017/6xxx/CVE-2017-6311.json b/2017/6xxx/CVE-2017-6311.json index 325a523cd1d..19666733cb1 100644 --- a/2017/6xxx/CVE-2017-6311.json +++ b/2017/6xxx/CVE-2017-6311.json @@ -81,6 +81,16 @@ "name": "GLSA-201709-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-08" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-418ce730df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a718b79006", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/" } ] } diff --git a/2017/6xxx/CVE-2017-6312.json b/2017/6xxx/CVE-2017-6312.json index 16a2f6ee7c2..00052ba60f3 100644 --- a/2017/6xxx/CVE-2017-6312.json +++ b/2017/6xxx/CVE-2017-6312.json @@ -86,6 +86,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-418ce730df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a718b79006", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/" } ] } 
diff --git a/2017/6xxx/CVE-2017-6313.json b/2017/6xxx/CVE-2017-6313.json index c9614c2c6ed..631df55882d 100644 --- a/2017/6xxx/CVE-2017-6313.json +++ b/2017/6xxx/CVE-2017-6313.json @@ -86,6 +86,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-418ce730df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a718b79006", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/" } ] } diff --git a/2017/6xxx/CVE-2017-6314.json b/2017/6xxx/CVE-2017-6314.json index 0226cb55f9b..1ca8135329f 100644 --- a/2017/6xxx/CVE-2017-6314.json +++ b/2017/6xxx/CVE-2017-6314.json @@ -86,6 +86,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191219 [SECURITY] [DLA 2043-1] gdk-pixbuf security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-418ce730df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a718b79006", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/" } ] } diff --git a/2017/7xxx/CVE-2017-7674.json b/2017/7xxx/CVE-2017-7674.json index 09ed934b279..80e43d8583e 100644 --- a/2017/7xxx/CVE-2017-7674.json +++ b/2017/7xxx/CVE-2017-7674.json 
@@ -186,6 +186,26 @@ "refsource": "MLIST", "name": "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context", "url": "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context", + "url": "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2017/7xxx/CVE-2017-7675.json b/2017/7xxx/CVE-2017-7675.json index f9f32bdbe84..a6583f82ee6 100644 --- a/2017/7xxx/CVE-2017-7675.json +++ b/2017/7xxx/CVE-2017-7675.json 
@@ -125,6 +125,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/0xxx/CVE-2018-0487.json b/2018/0xxx/CVE-2018-0487.json index 6ad2f505e23..2611aaa73a3 100644 --- a/2018/0xxx/CVE-2018-0487.json +++ b/2018/0xxx/CVE-2018-0487.json @@ -76,6 +76,11 @@ "name": "GLSA-201804-19", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-19" + }, + { + "refsource": "UBUNTU", + "name": "USN-4267-1", + "url": "https://usn.ubuntu.com/4267-1/" } ] } diff --git a/2018/0xxx/CVE-2018-0488.json b/2018/0xxx/CVE-2018-0488.json index cbbe6cac1dd..d8067153c8d 100644 --- a/2018/0xxx/CVE-2018-0488.json +++ b/2018/0xxx/CVE-2018-0488.json @@ -76,6 +76,11 @@ "name": "GLSA-201804-19", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-19" + }, + { + "refsource": "UBUNTU", + "name": "USN-4267-1", + "url": "https://usn.ubuntu.com/4267-1/" } ] } diff --git a/2018/0xxx/CVE-2018-0497.json b/2018/0xxx/CVE-2018-0497.json index 2bdabe6d8e4..0326e5c3417 100644 --- a/2018/0xxx/CVE-2018-0497.json +++ b/2018/0xxx/CVE-2018-0497.json @@ -66,6 +66,11 @@ "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02", "refsource": "CONFIRM", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02" + }, + { + "refsource": "UBUNTU", + "name": "USN-4267-1", + "url": "https://usn.ubuntu.com/4267-1/" } ] } diff --git a/2018/0xxx/CVE-2018-0498.json b/2018/0xxx/CVE-2018-0498.json index c2f4f51af30..2217fcb0fc4 100644 
--- a/2018/0xxx/CVE-2018-0498.json +++ b/2018/0xxx/CVE-2018-0498.json @@ -66,6 +66,11 @@ "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02", "refsource": "CONFIRM", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02" + }, + { + "refsource": "UBUNTU", + "name": "USN-4267-1", + "url": "https://usn.ubuntu.com/4267-1/" } ] } diff --git a/2018/0xxx/CVE-2018-0802.json b/2018/0xxx/CVE-2018-0802.json index 01fae3338b4..8949db40004 100644 --- a/2018/0xxx/CVE-2018-0802.json +++ b/2018/0xxx/CVE-2018-0802.json @@ -82,6 +82,11 @@ "name": "https://github.com/zldww2011/CVE-2018-0802_POC", "refsource": "MISC", "url": "https://github.com/zldww2011/CVE-2018-0802_POC" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/", + "url": "https://research.checkpoint.com/another-office-equation-rce-vulnerability/" } ] } diff --git a/2018/10xxx/CVE-2018-10103.json b/2018/10xxx/CVE-2018-10103.json index 39a5dcbc36c..425411e67c2 100644 --- a/2018/10xxx/CVE-2018-10103.json +++ b/2018/10xxx/CVE-2018-10103.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/10xxx/CVE-2018-10105.json b/2018/10xxx/CVE-2018-10105.json index 4d9bf99b7c9..e4e2fa09e7f 100644 --- a/2018/10xxx/CVE-2018-10105.json +++ b/2018/10xxx/CVE-2018-10105.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/10xxx/CVE-2018-10237.json b/2018/10xxx/CVE-2018-10237.json index 870c1b63043..39e2db49ff2 100644 --- a/2018/10xxx/CVE-2018-10237.json +++ b/2018/10xxx/CVE-2018-10237.json 
@@ -176,6 +176,21 @@ "refsource": "MLIST", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237", + "url": "https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d@%3Cdev.cxf.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237", + "url": "https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a@%3Cdev.cxf.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237", + "url": "https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3@%3Cdev.cxf.apache.org%3E" } ] } diff --git a/2018/10xxx/CVE-2018-10893.json b/2018/10xxx/CVE-2018-10893.json index adb69639310..077170e5640 100644 --- a/2018/10xxx/CVE-2018-10893.json +++ b/2018/10xxx/CVE-2018-10893.json @@ -84,6 +84,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2229", "url": "https://access.redhat.com/errata/RHSA-2019:2229" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0471", + "url": "https://access.redhat.com/errata/RHSA-2020:0471" } ] } diff --git a/2018/11xxx/CVE-2018-11243.json b/2018/11xxx/CVE-2018-11243.json index 025e1dc0327..06292b1752a 100644 --- a/2018/11xxx/CVE-2018-11243.json +++ b/2018/11xxx/CVE-2018-11243.json 
@@ -71,6 +71,31 @@ "refsource": "FEDORA", "name": "FEDORA-2020-20cf0743f5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D7XU42G6MUQQXHWRP7DCF2JSIBOJ5GOO/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0162", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0163", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0180", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0179", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00008.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-67590fbf08", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUTVSTXAFTD552NO2K2RIF6MDQEHP3BE/" } ] } diff --git a/2018/11xxx/CVE-2018-11479.json b/2018/11xxx/CVE-2018-11479.json index e63db4c7f7b..df5d36fcc8c 100644 --- a/2018/11xxx/CVE-2018-11479.json +++ b/2018/11xxx/CVE-2018-11479.json @@ -56,6 +56,11 @@ "name": "http://sqlulz.blogspot.com/2018/05/windscribe-vpn-privilege-escalation.html", "refsource": "MISC", "url": "http://sqlulz.blogspot.com/2018/05/windscribe-vpn-privilege-escalation.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156222/Windscribe-WindscribeService-Named-Pipe-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156222/Windscribe-WindscribeService-Named-Pipe-Privilege-Escalation.html" } ] } diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json index f68f6cb1d85..35e1aae2522 100644 --- a/2018/11xxx/CVE-2018-11759.json +++ b/2018/11xxx/CVE-2018-11759.json 
@@ -111,6 +111,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/11xxx/CVE-2018-11784.json b/2018/11xxx/CVE-2018-11784.json index 05898d78c7d..11472e34b72 100644 --- a/2018/11xxx/CVE-2018-11784.json +++ b/2018/11xxx/CVE-2018-11784.json @@ -228,6 +228,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/14xxx/CVE-2018-14461.json b/2018/14xxx/CVE-2018-14461.json index 80857495b40..ad8a507fe3e 100644 --- a/2018/14xxx/CVE-2018-14461.json +++ b/2018/14xxx/CVE-2018-14461.json 
@@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14462.json b/2018/14xxx/CVE-2018-14462.json index 239bb2fe9e2..9387f2571d3 100644 --- a/2018/14xxx/CVE-2018-14462.json +++ b/2018/14xxx/CVE-2018-14462.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14463.json b/2018/14xxx/CVE-2018-14463.json index fbd41bbbb34..01392fbecfe 100644 --- a/2018/14xxx/CVE-2018-14463.json +++ b/2018/14xxx/CVE-2018-14463.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14464.json b/2018/14xxx/CVE-2018-14464.json index b79f130aa76..1401e20ad96 100644 --- a/2018/14xxx/CVE-2018-14464.json +++ b/2018/14xxx/CVE-2018-14464.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14465.json b/2018/14xxx/CVE-2018-14465.json index 62f7c720f27..c70ab405fdf 100644 --- a/2018/14xxx/CVE-2018-14465.json +++ b/2018/14xxx/CVE-2018-14465.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14466.json b/2018/14xxx/CVE-2018-14466.json index 8bc949c81db..db4bb7338de 100644 --- a/2018/14xxx/CVE-2018-14466.json 
+++ b/2018/14xxx/CVE-2018-14466.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14467.json b/2018/14xxx/CVE-2018-14467.json index 3eb09f3274b..fb7f8aca676 100644 --- a/2018/14xxx/CVE-2018-14467.json +++ b/2018/14xxx/CVE-2018-14467.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14468.json b/2018/14xxx/CVE-2018-14468.json index 2988d4afed8..bb844fd7209 100644 --- a/2018/14xxx/CVE-2018-14468.json +++ b/2018/14xxx/CVE-2018-14468.json @@ -131,6 +131,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14469.json b/2018/14xxx/CVE-2018-14469.json index fc198c05369..4646d990b6b 100644 --- a/2018/14xxx/CVE-2018-14469.json +++ b/2018/14xxx/CVE-2018-14469.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14470.json b/2018/14xxx/CVE-2018-14470.json index 9bc554ef005..e3ed188c154 100644 --- a/2018/14xxx/CVE-2018-14470.json +++ b/2018/14xxx/CVE-2018-14470.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14553.json b/2018/14xxx/CVE-2018-14553.json index 2b89d3f2435..7bfad2e090c 100644 
--- a/2018/14xxx/CVE-2018-14553.json
+++ b/2018/14xxx/CVE-2018-14553.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-14553",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599032",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1599032"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/libgd/libgd/pull/580",
+ "url": "https://github.com/libgd/libgd/pull/580"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f",
+ "url": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14879.json b/2018/14xxx/CVE-2018-14879.json
index 97866773ef6..ec225b669bf 100644
--- a/2018/14xxx/CVE-2018-14879.json
+++ b/2018/14xxx/CVE-2018-14879.json
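Review bot: The `affects` block added in the first CVE-2018-14553 hunk fills `vendor_name`, `product_name` and `version_value` with `n/a`, although the new description in the second hunk names libgd 2.1.0-rc2 through 2.2.5, so tooling that matches on the structured fields will not associate this record with libgd. Consider `"product_name": "libgd"` and `"version_value": "2.1.0-rc2 through 2.2.5"`, with the vendor name to be confirmed against the list's conventions. The same applies to `problemtype`, where `"value": "n/a"` could read `"value": "CWE-476"` given the NULL pointer dereference stated in the description. The description's scoping is also worth keeping visible for triage: PHP is affected only when linked with an external libgd, not the bundled one.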
@@ -131,6 +131,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14880.json b/2018/14xxx/CVE-2018-14880.json index aae5b98dfbf..837700d8a8a 100644 --- a/2018/14xxx/CVE-2018-14880.json +++ b/2018/14xxx/CVE-2018-14880.json @@ -131,6 +131,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14881.json b/2018/14xxx/CVE-2018-14881.json index 45eccd0c957..e06b22df11c 100644 --- a/2018/14xxx/CVE-2018-14881.json +++ b/2018/14xxx/CVE-2018-14881.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14882.json b/2018/14xxx/CVE-2018-14882.json index 3a51b8fa4dc..17240807a9f 100644 --- a/2018/14xxx/CVE-2018-14882.json +++ b/2018/14xxx/CVE-2018-14882.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16227.json b/2018/16xxx/CVE-2018-16227.json index 193083f2f5b..b6a002a5728 100644 --- a/2018/16xxx/CVE-2018-16227.json +++ b/2018/16xxx/CVE-2018-16227.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16228.json b/2018/16xxx/CVE-2018-16228.json index c6b95aa6970..1c34302995b 100644 --- a/2018/16xxx/CVE-2018-16228.json 
+++ b/2018/16xxx/CVE-2018-16228.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16229.json b/2018/16xxx/CVE-2018-16229.json index 966891d3bf0..5294c4f26df 100644 --- a/2018/16xxx/CVE-2018-16229.json +++ b/2018/16xxx/CVE-2018-16229.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16230.json b/2018/16xxx/CVE-2018-16230.json index e6bbad67d20..7c731090a53 100644 --- a/2018/16xxx/CVE-2018-16230.json +++ b/2018/16xxx/CVE-2018-16230.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16300.json b/2018/16xxx/CVE-2018-16300.json index ccc4daa2873..0dd8232d73a 100644 --- a/2018/16xxx/CVE-2018-16300.json +++ b/2018/16xxx/CVE-2018-16300.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16428.json b/2018/16xxx/CVE-2018-16428.json index d44799673a3..46b1139957b 100644 --- a/2018/16xxx/CVE-2018-16428.json +++ b/2018/16xxx/CVE-2018-16428.json 
@@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200214 Re: CVE for program distributing vulnerable components ?", + "url": "http://www.openwall.com/lists/oss-security/2020/02/14/3" } ] } diff --git a/2018/16xxx/CVE-2018-16451.json b/2018/16xxx/CVE-2018-16451.json index 2f287794e67..b8473d30ab6 100644 --- a/2018/16xxx/CVE-2018-16451.json +++ b/2018/16xxx/CVE-2018-16451.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16452.json b/2018/16xxx/CVE-2018-16452.json index 5de4297828c..7ae241dafc1 100644 --- a/2018/16xxx/CVE-2018-16452.json +++ b/2018/16xxx/CVE-2018-16452.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/16xxx/CVE-2018-16471.json b/2018/16xxx/CVE-2018-16471.json index 2bce1acf80a..16861e8c578 100644 --- a/2018/16xxx/CVE-2018-16471.json +++ b/2018/16xxx/CVE-2018-16471.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4089-1", "url": "https://usn.ubuntu.com/4089-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0214", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html" } ] } diff --git a/2018/16xxx/CVE-2018-16888.json b/2018/16xxx/CVE-2018-16888.json index 3dbb0417b9d..596765b4fbd 100644 --- a/2018/16xxx/CVE-2018-16888.json +++ b/2018/16xxx/CVE-2018-16888.json 
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
 "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4269-1",
+ "url": "https://usn.ubuntu.com/4269-1/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17093.json b/2018/17xxx/CVE-2018-17093.json
index 3585c265b82..4ee4a6227de 100644
--- a/2018/17xxx/CVE-2018-17093.json
+++ b/2018/17xxx/CVE-2018-17093.json
@@ -1,66 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-17093",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-17093",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_get_path in lib/util.c."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://github.com/mackyle/xar/issues/19",
- "refsource": "MISC",
- "url": "https://github.com/mackyle/xar/issues/19"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2020-bbd24dd0cf",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11125. Reason: This candidate is a duplicate of CVE-2017-11125. Notes: All CVE users should reference CVE-2017-11125 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17094.json b/2018/17xxx/CVE-2018-17094.json
index 9722b8b8b14..6b2b1051ad5 100644
--- a/2018/17xxx/CVE-2018-17094.json
+++ b/2018/17xxx/CVE-2018-17094.json
@@ -1,66 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-17094",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-17094",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_unserialize in lib/archive.c."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://github.com/mackyle/xar/issues/20",
- "refsource": "MISC",
- "url": "https://github.com/mackyle/xar/issues/20"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2020-bbd24dd0cf",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11124. Reason: This candidate is a duplicate of CVE-2017-11124. Notes: All CVE users should reference CVE-2017-11124 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17200.json b/2018/17xxx/CVE-2018-17200.json
index 4fa8c0f4e94..07403d0d632 100644
--- a/2018/17xxx/CVE-2018-17200.json
+++ b/2018/17xxx/CVE-2018-17200.json
@@ -48,6 +48,11 @@ "refsource": "MLIST", "name": "[ofbiz-dev] 20190910 [CVE-2018-17200] Apache OFBiz unauthenticated remote code execution vulnerability in HttpEngine", "url": "https://s.apache.org/m9boi" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-commits] 20200206 svn commit: r1873710 - in /ofbiz/site: security.html template/page/security.tpl.php", + "url": "https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151@%3Ccommits.ofbiz.apache.org%3E" } ] }, diff --git a/2018/18xxx/CVE-2018-18065.json b/2018/18xxx/CVE-2018-18065.json index 28f897346e5..cf308d4bc70 100644 --- a/2018/18xxx/CVE-2018-18065.json +++ b/2018/18xxx/CVE-2018-18065.json @@ -106,6 +106,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf" } ] } diff --git a/2018/18xxx/CVE-2018-18898.json b/2018/18xxx/CVE-2018-18898.json index 9a6e99da587..ecd665423c0 100644 --- a/2018/18xxx/CVE-2018-18898.json +++ b/2018/18xxx/CVE-2018-18898.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://bestpractical.com/download-page", "url": "https://bestpractical.com/download-page" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html" } ] } diff --git a/2018/19xxx/CVE-2018-19519.json b/2018/19xxx/CVE-2018-19519.json index 54a9166f0a6..8da5bb3e901 100644 --- a/2018/19xxx/CVE-2018-19519.json +++ b/2018/19xxx/CVE-2018-19519.json 
@@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2018/1xxx/CVE-2018-1304.json b/2018/1xxx/CVE-2018-1304.json index 885b7283e86..ec22de374db 100644 --- a/2018/1xxx/CVE-2018-1304.json +++ b/2018/1xxx/CVE-2018-1304.json @@ -232,6 +232,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/1xxx/CVE-2018-1305.json b/2018/1xxx/CVE-2018-1305.json index 5464294b818..f3c34c01ed4 100644 --- a/2018/1xxx/CVE-2018-1305.json +++ b/2018/1xxx/CVE-2018-1305.json 
@@ -207,6 +207,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/1xxx/CVE-2018-1323.json b/2018/1xxx/CVE-2018-1323.json index f11a75a5ac6..bb4e8f65816 100644 --- a/2018/1xxx/CVE-2018-1323.json +++ b/2018/1xxx/CVE-2018-1323.json @@ -92,6 +92,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/1xxx/CVE-2018-1336.json b/2018/1xxx/CVE-2018-1336.json index a214b4f7ccc..d208f8bfe38 100644 --- a/2018/1xxx/CVE-2018-1336.json +++ b/2018/1xxx/CVE-2018-1336.json 
@@ -231,6 +231,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/21xxx/CVE-2018-21032.json b/2018/21xxx/CVE-2018-21032.json index 7f510017cbd..3735199b2ff 100644 --- a/2018/21xxx/CVE-2018-21032.json +++ b/2018/21xxx/CVE-2018-21032.json 
@@ -1,18 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2018-21032",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2018-21032",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/",
+ "refsource": "MISC",
+ "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/",
+ "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21033.json b/2018/21xxx/CVE-2018-21033.json
index 1642b1d150b..868a2914c94 100644
--- a/2018/21xxx/CVE-2018-21033.json
+++ b/2018/21xxx/CVE-2018-21033.json
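Review bot: The published record for CVE-2018-21032 names the affected products only in the free-text description, while the added `affects` block carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, so tooling that matches assets on the structured fields will not associate Hitachi Command Suite or Hitachi Automation Director with this ID. The structured fields could carry what the description already states, for example `"vendor_name": "Hitachi"`, `"product_name": "Hitachi Command Suite"` and `"version_value": "prior to 8.7.1-00"`. The added `impact.cvss` object has a `vectorString` but no score or severity field, and its metrics are in alphabetical order rather than the specification's preferred order (`CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N`), which a position-sensitive parser may misread. The same points apply to the CVE-2018-21033 hunk that follows.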
@@ -1,18 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2018-21033",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2018-21033",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/",
+ "refsource": "MISC",
+ "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/",
+ "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:C/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21034.json b/2018/21xxx/CVE-2018-21034.json
new file mode 100644
index 00000000000..7200bcd6d4f
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21034.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-21034",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3987.json b/2018/3xxx/CVE-2018-3987.json
index 04d87114f33..799d9afa214 100644
--- a/2018/3xxx/CVE-2018-3987.json
+++ b/2018/3xxx/CVE-2018-3987.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-3987",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-3987",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": " Rakuten Viber",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Rakuten Viber Android 9.3.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0655",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0655"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device."
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4985.json b/2018/4xxx/CVE-2018-4985.json
index 0032412d9c0..ad3d3e32669 100644
--- a/2018/4xxx/CVE-2018-4985.json
+++ b/2018/4xxx/CVE-2018-4985.json
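Review bot: In the CVE-2018-3987.json hunk the added `"product_name": " Rakuten Viber"` begins with a space, so exact-match lookups on the product name will miss this record; it should read `"product_name": "Rakuten Viber"`. The same block sets `"vendor_name": "n/a"` although the product and description name the vendor, and `"version_value": "Rakuten Viber Android 9.3.0.6"` repeats the product name instead of carrying only the version. Consumers that build asset matches from `affects` should trim and normalize these fields on ingest until the record is corrected.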
@@ -66,6 +66,11 @@ "name": "104175", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104175" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/", + "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/" } ] } diff --git a/2018/5xxx/CVE-2018-5063.json b/2018/5xxx/CVE-2018-5063.json index e2752108882..145be92d4fb 100644 --- a/2018/5xxx/CVE-2018-5063.json +++ b/2018/5xxx/CVE-2018-5063.json @@ -66,6 +66,11 @@ "name": "1041250", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041250" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/", + "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/" } ] } diff --git a/2018/5xxx/CVE-2018-5064.json b/2018/5xxx/CVE-2018-5064.json index 342fbe34114..e2699097e8f 100644 --- a/2018/5xxx/CVE-2018-5064.json +++ b/2018/5xxx/CVE-2018-5064.json @@ -66,6 +66,11 @@ "name": "104701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104701" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/", + "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/" } ] } diff --git a/2018/5xxx/CVE-2018-5065.json b/2018/5xxx/CVE-2018-5065.json index 4f1d608c2f4..42f27ce5518 100644 --- a/2018/5xxx/CVE-2018-5065.json +++ b/2018/5xxx/CVE-2018-5065.json @@ -66,6 +66,11 @@ "name": "104701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104701" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/", + "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/" } ] } diff --git a/2018/5xxx/CVE-2018-5746.json b/2018/5xxx/CVE-2018-5746.json index 8e4faa7c4d4..affdb4cb8cd 100644 --- a/2018/5xxx/CVE-2018-5746.json +++ b/2018/5xxx/CVE-2018-5746.json 
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-5746",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +11,8 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2018/8xxx/CVE-2018-8014.json b/2018/8xxx/CVE-2018-8014.json
index e2c63856e0c..94091c8ad38 100644
--- a/2018/8xxx/CVE-2018-8014.json
+++ b/2018/8xxx/CVE-2018-8014.json
@@ -235,6 +235,21 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2018/8xxx/CVE-2018-8019.json b/2018/8xxx/CVE-2018-8019.json index 8ca7548437c..55dbc260b2a 100644 --- a/2018/8xxx/CVE-2018-8019.json +++ b/2018/8xxx/CVE-2018-8019.json @@ -100,6 +100,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8020.json b/2018/8xxx/CVE-2018-8020.json index 92b4462e125..d2141ee7252 100644 --- a/2018/8xxx/CVE-2018-8020.json +++ b/2018/8xxx/CVE-2018-8020.json @@ -100,6 +100,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8034.json b/2018/8xxx/CVE-2018-8034.json index 80e7a64fb1b..636c26d10af 100644 --- a/2018/8xxx/CVE-2018-8034.json +++ b/2018/8xxx/CVE-2018-8034.json 
@@ -246,6 +246,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8037.json b/2018/8xxx/CVE-2018-8037.json index 7396aa27fa4..2c73902106e 100644 --- a/2018/8xxx/CVE-2018-8037.json +++ b/2018/8xxx/CVE-2018-8037.json 
@@ -170,6 +170,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8476.json b/2018/8xxx/CVE-2018-8476.json index 5e393ed9b06..dc3f26a401c 100644 --- a/2018/8xxx/CVE-2018-8476.json +++ b/2018/8xxx/CVE-2018-8476.json @@ -144,6 +144,11 @@ "name": "105774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105774" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/2019/pxe-dust-finding-a-vulnerability-in-windows-servers-deployment-services/", + "url": "https://research.checkpoint.com/2019/pxe-dust-finding-a-vulnerability-in-windows-servers-deployment-services/" } ] } diff --git a/2019/0xxx/CVE-2019-0090.json b/2019/0xxx/CVE-2019-0090.json index a053e2f3b40..8da390785fb 100644 --- a/2019/0xxx/CVE-2019-0090.json +++ b/2019/0xxx/CVE-2019-0090.json 
@@ -60,7 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access."
+ "value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0151.json b/2019/0xxx/CVE-2019-0151.json
index e4ce487feb1..a112675a931 100644
--- a/2019/0xxx/CVE-2019-0151.json
+++ b/2019/0xxx/CVE-2019-0151.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS",
 "url": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0152.json b/2019/0xxx/CVE-2019-0152.json
index 57065865a07..59fd1e06d2b 100644
--- a/2019/0xxx/CVE-2019-0152.json
+++ b/2019/0xxx/CVE-2019-0152.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS",
 "url": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0169.json b/2019/0xxx/CVE-2019-0169.json
index 58fe24137c4..0b321aa02cf 100644
--- a/2019/0xxx/CVE-2019-0169.json
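Review bot: The rewritten description in the CVE-2019-0090.json hunk reads `before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x`, with no separator between `12.0.35` and `Intel(R) TXE`, so it is unclear which product each version belongs to and whether "before" applies to the 3.x and 4.x entries. Because the new text widens the list of affected products, this ambiguity can cause hosts to be missed during triage. A comma is presumably intended (`12.0.35, Intel(R) TXE 3.x, 4.x`), which should be confirmed against the vendor advisory. The `affects` block lies outside this hunk, so whether it was updated to match cannot be checked from here.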
+++ b/2019/0xxx/CVE-2019-0169.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf" } ] }, diff --git a/2019/0xxx/CVE-2019-0189.json b/2019/0xxx/CVE-2019-0189.json index 0e88cf915f9..6fbf4718b5f 100644 --- a/2019/0xxx/CVE-2019-0189.json +++ b/2019/0xxx/CVE-2019-0189.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[ofbiz-notifications] 20190913 [jira] [Updated] (OFBIZ-10770) Update Apache commons-fileupload to last version (CVE-2019-0189)", "url": "https://lists.apache.org/thread.html/986ed5f1a0e209f87ed4a2d348ae5735054f9188912bb2fed7a5543f@%3Cnotifications.ofbiz.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-commits] 20200206 svn commit: r1873710 - in /ofbiz/site: security.html template/page/security.tpl.php", + "url": "https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151@%3Ccommits.ofbiz.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0193.json b/2019/0xxx/CVE-2019-0193.json index 2187cf1a2b9..306eae8a35b 100644 --- a/2019/0xxx/CVE-2019-0193.json +++ b/2019/0xxx/CVE-2019-0193.json 
@@ -103,6 +103,16 @@ "refsource": "MLIST", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20200213 Re: 7.7.3 bugfix release", + "url": "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-dev] 20200214 Re: 7.7.3 bugfix release", + "url": "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json index 4c6e5038a11..c084b42478e 100644 --- a/2019/0xxx/CVE-2019-0199.json +++ b/2019/0xxx/CVE-2019-0199.json @@ -203,6 +203,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index a0bcd0fb5d0..09a1a94b91f 100644 --- a/2019/0xxx/CVE-2019-0205.json +++ b/2019/0xxx/CVE-2019-0205.json 
@@ -128,6 +128,21 @@ "refsource": "MLIST", "name": "[thrift-dev] 20200127 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "url": "https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200208 [jira] [Comment Edited] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200208 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-commits] 20200208 [thrift] 01/01: THRIFT-5075: Backport changes for CVE-2019-0205 to 0.9.3.1 branch", + "url": "https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a@%3Ccommits.thrift.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0221.json b/2019/0xxx/CVE-2019-0221.json index 7e588226da2..b0bfdbb5bca 100644 --- a/2019/0xxx/CVE-2019-0221.json +++ b/2019/0xxx/CVE-2019-0221.json 
@@ -159,6 +159,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0232.json b/2019/0xxx/CVE-2019-0232.json index 17fec0a52c7..ea931deab20 100644 --- a/2019/0xxx/CVE-2019-0232.json +++ b/2019/0xxx/CVE-2019-0232.json 
@@ -184,6 +184,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] }, diff --git a/2019/1010xxx/CVE-2019-1010006.json b/2019/1010xxx/CVE-2019-1010006.json index 492705ca4cb..432c7023b34 100644 --- a/2019/1010xxx/CVE-2019-1010006.json +++ b/2019/1010xxx/CVE-2019-1010006.json @@ -81,6 +81,16 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1908", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4624", + "url": "https://www.debian.org/security/2020/dsa-4624" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4624-1] evince security update", + "url": "https://seclists.org/bugtraq/2020/Feb/18" } ] } diff --git a/2019/1010xxx/CVE-2019-1010220.json b/2019/1010xxx/CVE-2019-1010220.json index 9ba578a4940..28e35ce755e 100644 --- a/2019/1010xxx/CVE-2019-1010220.json +++ b/2019/1010xxx/CVE-2019-1010220.json 
@@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4252-2", "url": "https://usn.ubuntu.com/4252-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4252-1", + "url": "https://usn.ubuntu.com/4252-1/" } ] } diff --git a/2019/10xxx/CVE-2019-10072.json b/2019/10xxx/CVE-2019-10072.json index 983ac185f6e..f4461d718e9 100644 --- a/2019/10xxx/CVE-2019-10072.json +++ b/2019/10xxx/CVE-2019-10072.json @@ -113,6 +113,16 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10073.json b/2019/10xxx/CVE-2019-10073.json index 28ca81a6281..0886fd29400 100644 --- a/2019/10xxx/CVE-2019-10073.json +++ b/2019/10xxx/CVE-2019-10073.json @@ -48,6 +48,11 @@ "refsource": "MLIST", "name": "[ofbiz-dev] 20190910 [CVE-2019-10073] Apache OFBiz XSS vulnerability in the \"ecommerce\" component", "url": "https://s.apache.org/w6edy" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-commits] 20200206 svn commit: r1873710 - in /ofbiz/site: security.html template/page/security.tpl.php", + "url": "https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151@%3Ccommits.ofbiz.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10173.json b/2019/10xxx/CVE-2019-10173.json index 92c557320b7..215966a146a 100644 
--- a/2019/10xxx/CVE-2019-10173.json +++ b/2019/10xxx/CVE-2019-10173.json @@ -63,6 +63,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4352", "url": "https://access.redhat.com/errata/RHSA-2019:4352" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0445", + "url": "https://access.redhat.com/errata/RHSA-2020:0445" } ] }, diff --git a/2019/10xxx/CVE-2019-10174.json b/2019/10xxx/CVE-2019-10174.json index 37bfce8fd0d..a53291c3186 100644 --- a/2019/10xxx/CVE-2019-10174.json +++ b/2019/10xxx/CVE-2019-10174.json @@ -51,6 +51,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0481", + "url": "https://access.redhat.com/errata/RHSA-2020:0481" } ] }, diff --git a/2019/10xxx/CVE-2019-10195.json b/2019/10xxx/CVE-2019-10195.json index 8cbcf7dc7bb..c44ca060aab 100644 --- a/2019/10xxx/CVE-2019-10195.json +++ b/2019/10xxx/CVE-2019-10195.json @@ -87,6 +87,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-c64e1612f5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0378", + "url": "https://access.redhat.com/errata/RHSA-2020:0378" } ] }, diff --git a/2019/10xxx/CVE-2019-10219.json b/2019/10xxx/CVE-2019-10219.json index bb6e6db2633..4fadb4f0b6f 100644 --- a/2019/10xxx/CVE-2019-10219.json +++ b/2019/10xxx/CVE-2019-10219.json @@ -83,6 +83,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0161", "url": "https://access.redhat.com/errata/RHSA-2020:0161" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0445", + "url": "https://access.redhat.com/errata/RHSA-2020:0445" } ] }, diff --git a/2019/10xxx/CVE-2019-10567.json b/2019/10xxx/CVE-2019-10567.json index 568c5d7dba7..f7936900673 100644 --- a/2019/10xxx/CVE-2019-10567.json +++ b/2019/10xxx/CVE-2019-10567.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration Issue in Linux Graphics" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10590.json b/2019/10xxx/CVE-2019-10590.json index 9414f97d0d0..f2a1f11053a 100644 --- a/2019/10xxx/CVE-2019-10590.json +++ b/2019/10xxx/CVE-2019-10590.json 
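Review bot: The new `affects` block in CVE-2019-10567 puts seven product families into a single `product_name` string and the whole chipset list into a single `version_value` string. A consumer that matches on product or chipset name therefore gets no exact hit and has to substring-search free text. One `product_data` entry per family, each with one `version_data` entry per chipset, would let asset inventories and scanners match mechanically. The CVE-2019-10590 record that follows has the same shape.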
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
} - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index Issue in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10716.json b/2019/10xxx/CVE-2019-10716.json index b7eb62e92ec..32d15d99f6d 100644 --- a/2019/10xxx/CVE-2019-10716.json +++ b/2019/10xxx/CVE-2019-10716.json 
@@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://www.nolanbkennedy.com/post/cve-2019-10716-information-disclosure-verodin-director", "url": "http://www.nolanbkennedy.com/post/cve-2019-10716-information-disclosure-verodin-director" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156214/Verodin-Director-Web-Console-3.5.4.0-Password-Disclosure.html", + "url": "http://packetstormsecurity.com/files/156214/Verodin-Director-Web-Console-3.5.4.0-Password-Disclosure.html" } ] } diff --git a/2019/10xxx/CVE-2019-10746.json b/2019/10xxx/CVE-2019-10746.json index e94b3fe593a..2cbb70a614e 100644 --- a/2019/10xxx/CVE-2019-10746.json +++ b/2019/10xxx/CVE-2019-10746.json @@ -48,6 +48,16 @@ "refsource": "MISC", "name": "https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212", "url": "https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f80e5c0d65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4a8f110332", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/" } ] }, diff --git a/2019/10xxx/CVE-2019-10747.json b/2019/10xxx/CVE-2019-10747.json index 63fd4812dc7..99bc678a033 100644 --- a/2019/10xxx/CVE-2019-10747.json +++ b/2019/10xxx/CVE-2019-10747.json 
@@ -53,6 +53,16 @@ "refsource": "MLIST", "name": "[drat-dev] 20191029 [GitHub] [drat] ottlinger opened a new issue #202: Fix security issue in set-value", "url": "https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-1f1c94907b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-582515fa8a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/" } ] }, diff --git a/2019/10xxx/CVE-2019-10773.json b/2019/10xxx/CVE-2019-10773.json index 7aa624bd538..393eafb5605 100644 --- a/2019/10xxx/CVE-2019-10773.json +++ b/2019/10xxx/CVE-2019-10773.json @@ -63,6 +63,21 @@ "refsource": "MISC", "name": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/", "url": "https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-766ce5adae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-7525beefa1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0475", + "url": "https://access.redhat.com/errata/RHSA-2020:0475" } ] }, diff --git a/2019/10xxx/CVE-2019-10782.json b/2019/10xxx/CVE-2019-10782.json index 6ca42b35ea5..540489b3c51 100644 --- a/2019/10xxx/CVE-2019-10782.json +++ b/2019/10xxx/CVE-2019-10782.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266", "url": "https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200210 [SECURITY] [DLA 2099-1] checkstyle security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00008.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10784.json b/2019/10xxx/CVE-2019-10784.json index 73a8269b5c5..ef6659a7aa2 100644 --- a/2019/10xxx/CVE-2019-10784.json +++ b/2019/10xxx/CVE-2019-10784.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "phppgadmin", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885", + "url": "https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, \"database.php\" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server." } ] } diff --git a/2019/10xxx/CVE-2019-10785.json b/2019/10xxx/CVE-2019-10785.json index e4edb77003a..42b59b3db25 100644 --- a/2019/10xxx/CVE-2019-10785.json +++ b/2019/10xxx/CVE-2019-10785.json 
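Review bot: In CVE-2019-10784 the added `version_value` is `"All versions"`, while the description in the same hunk bounds the issue to "phppgadmin through 7.12.1". Tooling that reads only the `affects` block will keep flagging any later release. I would carry the bound into the structured field, for example `"version_value": "through 7.12.1"`. The same mismatch appears in the hunks for CVE-2019-10786 ("through 1.0.2"), CVE-2019-10787 ("through 2.3.2", which also cites a fix commit as CONFIRM) and CVE-2019-10788 ("through 3.0.1").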
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "dojox", + "version": { + "version_data": [ + { + "version_value": "all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-DOJOX-548257,", + "url": "https://snyk.io/vuln/SNYK-JS-DOJOX-548257," + }, + { + "refsource": "MISC", + "name": "https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr", + "url": "https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them." } ] } diff --git a/2019/10xxx/CVE-2019-10786.json b/2019/10xxx/CVE-2019-10786.json index e132354e080..b48009db872 100644 --- a/2019/10xxx/CVE-2019-10786.json +++ b/2019/10xxx/CVE-2019-10786.json 
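Review bot: The first added reference in CVE-2019-10785 ends in a stray comma in both `name` and `url` (`https://snyk.io/vuln/SNYK-JS-DOJOX-548257,`). It looks like a paste artefact from a comma-separated list, and it may make the advisory link unresolvable for anyone triaging from this record. Both fields should presumably read `"url": "https://snyk.io/vuln/SNYK-JS-DOJOX-548257"`. The `version_value` in the same hunk is a sentence fragment ending in a period, listing six fixed releases; one `version_data` entry per release branch would be easier to match against.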
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "network-manager", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-NETWORKMANAGER-544035", + "url": "https://snyk.io/vuln/SNYK-JS-NETWORKMANAGER-544035" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the \"execSync()\" argument." } ] } diff --git a/2019/10xxx/CVE-2019-10787.json b/2019/10xxx/CVE-2019-10787.json index 2aec8a97446..929981b256f 100644 --- a/2019/10xxx/CVE-2019-10787.json +++ b/2019/10xxx/CVE-2019-10787.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "im-resize", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183", + "url": "https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03", + "url": "https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the \"exec\" argument. The cmd argument used within index.js, can be controlled by user without any sanitization." } ] } diff --git a/2019/10xxx/CVE-2019-10788.json b/2019/10xxx/CVE-2019-10788.json index 8cb54da868e..5c1c5c0dddd 100644 --- a/2019/10xxx/CVE-2019-10788.json +++ b/2019/10xxx/CVE-2019-10788.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "im-metadata", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184", + "url": "https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639", + "url": "https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the \"exec\" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the \"exec\" function." } ] } diff --git a/2019/10xxx/CVE-2019-10789.json b/2019/10xxx/CVE-2019-10789.json index efd88320645..44e911b7de5 100644 --- a/2019/10xxx/CVE-2019-10789.json +++ b/2019/10xxx/CVE-2019-10789.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "curling.js", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-CURLING-546484", + "url": "https://snyk.io/vuln/SNYK-JS-CURLING-546484" + }, + { + "refsource": "MISC", + "name": "https://github.com/hgarcia/curling/blob/e861d625c074679a2931bcf4ce8da0afa8162c53/lib/curl-transport.js#L56", + "url": "https://github.com/hgarcia/curling/blob/e861d625c074679a2931bcf4ce8da0afa8162c53/lib/curl-transport.js#L56" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization." } ] } diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json index 169a697dc94..0377b5f0277 100644 --- a/2019/10xxx/CVE-2019-10923.json +++ b/2019/10xxx/CVE-2019-10923.json 
@@ -74,6 +74,26 @@ ] } }, + { + "product_name": "SIMATIC CP1604", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.8" + } + ] + } + }, + { + "product_name": "SIMATIC CP1616", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.8" + } + ] + } + }, { "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", "version": { @@ -104,6 +124,16 @@ ] } }, + { + "product_name": "SIMATIC ET200pro", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SIMATIC ET200pro (incl. SIPLUS variants)", "version": { @@ -189,7 +219,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V1.3" } ] } 
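Review bot: The added `SIMATIC CP1604`, `SIMATIC CP1616` and `SIMATIC ET200pro` entries in CVE-2019-10923 look like renamed duplicates of products the record already lists. The updated description in the following hunk names both "CP1604 (All versions < V2.8)" and "SIMATIC CP1604 (All versions < V2.8)", and both "SIMATIC ET200pro (All versions)" and "SIMATIC ET200pro (incl. SIPLUS variants) (All versions)". The older `product_data` entries are outside these hunks, so this is inferred from the description text. If the new names supersede the old ones, drop the old entries so each product carries one version bound. CVE-2019-10929 has the same pattern with a conflict: "TIM 1531 IRC (incl. SIPLUS NET variants)" is `All versions < V2.1` while "TIM 1531 IRC (incl. SIPLUS variant)" stays `All versions`, so an operator cannot tell whether V2.1 is the fixed release.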
@@ -356,7 +386,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. 
SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." + "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC CP1604 (All versions < V2.8), SIMATIC CP1616 (All versions < V2.8), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. 
SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." } ] }, diff --git a/2019/10xxx/CVE-2019-10929.json b/2019/10xxx/CVE-2019-10929.json index 3d41cf9986e..4f7d7aa4a05 100644 --- a/2019/10xxx/CVE-2019-10929.json +++ b/2019/10xxx/CVE-2019-10929.json @@ -59,7 +59,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V16" } ] } @@ -164,6 +164,16 @@ ] } }, + { + "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.1" + } + ] + } + }, { "product_name": "TIM 1531 IRC (incl. SIPLUS variant)", "version": { 
@@ -196,7 +206,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC OA (All versions <= 3.16 patch version 12), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication." + "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. 
SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions < V16), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC OA (All versions <= 3.16 patch version 12), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication." } ] }, diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json index a106a45ec70..4e47edac6a7 100644 --- a/2019/10xxx/CVE-2019-10936.json +++ b/2019/10xxx/CVE-2019-10936.json 
@@ -54,6 +54,26 @@ ] } }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.0" + } + ] + } + }, + { + "product_name": "SIMATIC ET200AL", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SIMATIC ET200AL (incl. SIPLUS variants)", "version": { @@ -204,6 +224,16 @@ ] } }, + { + "product_name": "SIMATIC ET200pro", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SIMATIC ET200pro (incl. SIPLUS variants)", "version": { @@ -234,6 +264,16 @@ ] } }, + { + "product_name": "SIMATIC HMI KTP Mobile Panels", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants)", "version": { @@ -369,7 +409,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V1.3" } ] } 
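Review bot: The entry added at `@@ -54,6 +54,26 @@`, `SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)`, differs only by a space from `SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)`, which the old description already listed with the same `All versions < V2.0` range. The same hunk adds a bare `SIMATIC ET200AL`, and the hunks at `-204` and `-234` add bare `SIMATIC ET200pro` and `SIMATIC HMI KTP Mobile Panels`, each next to an existing `(incl. SIPLUS variants)` entry. Near-duplicate names inflate asset-matching results and can later drift to different version ranges. I would keep one spelling per product, or record why both are needed.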
@@ -536,7 +576,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET200AL (incl. SIPLUS variants) (All versions), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants) (All versions < V4.3.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions < V4.2.1), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. 
related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 PN Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < 4.8), SINAMICS G150 Control Unit (All versions < 4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants) (All versions), SINAMICS S150 Control Unit (All versions < 4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. 
At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200AL (incl. SIPLUS variants), SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0), SIMATIC ET200pro, SIMATIC ET200pro (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. 
SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/11xxx/CVE-2019-11041.json b/2019/11xxx/CVE-2019-11041.json index f604cc62830..fd0fcb3f723 100644 --- a/2019/11xxx/CVE-2019-11041.json +++ b/2019/11xxx/CVE-2019-11041.json @@ -136,6 +136,11 @@ "name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15", "url": "http://seclists.org/fulldisclosure/2019/Oct/15" }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210722", + "url": "https://support.apple.com/kb/HT210722" + }, { "refsource": "FULLDISC", "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15", diff --git a/2019/11xxx/CVE-2019-11042.json b/2019/11xxx/CVE-2019-11042.json index b27d94b7a6a..821d6a33354 100644 
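Review bot: The new `value` in the `@@ -536,7 +576,7 @@` hunk drops every version qualifier the old text carried; for example `SIMATIC CFU PA (All versions < V1.2.0)` becomes `SIMATIC CFU PA`. Anyone triaging from the description alone, including feeds and scanners that surface only this field, will read already-fixed releases as still affected. I would keep the ranges in the text, as the CVE-2019-10929 description in this same commit does, or state in the description that the ranges are given under `affects`.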
--- a/2019/11xxx/CVE-2019-11042.json +++ b/2019/11xxx/CVE-2019-11042.json @@ -136,6 +136,11 @@ "name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15", "url": "http://seclists.org/fulldisclosure/2019/Oct/15" }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210722", + "url": "https://support.apple.com/kb/HT210722" + }, { "refsource": "FULLDISC", "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15", diff --git a/2019/11xxx/CVE-2019-11135.json b/2019/11xxx/CVE-2019-11135.json index ebf3331535b..eba7c5e49ae 100644 --- a/2019/11xxx/CVE-2019-11135.json +++ b/2019/11xxx/CVE-2019-11135.json @@ -158,6 +158,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0279", "url": "https://access.redhat.com/errata/RHSA-2020:0279" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0366", + "url": "https://access.redhat.com/errata/RHSA-2020:0366" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10306", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10306" } ] }, diff --git a/2019/11xxx/CVE-2019-11215.json b/2019/11xxx/CVE-2019-11215.json index fd63c8e9726..fbba32a758e 100644 --- a/2019/11xxx/CVE-2019-11215.json +++ b/2019/11xxx/CVE-2019-11215.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11215", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11215", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.itophub.io/wiki/page?id=2_6_0:release:change_log", + "refsource": "MISC", + "name": "https://www.itophub.io/wiki/page?id=2_6_0:release:change_log" + }, + { + "refsource": "MISC", + "name": "https://0day.love/itop_vulnerabilities_disclosure.pdf", + "url": "https://0day.love/itop_vulnerabilities_disclosure.pdf" } ] } 
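Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a` although the description names Combodo iTop 2.2.0 through 2.6.0, so tooling that matches on the structured `affects` block will not associate this record with the product. `problemtype` is likewise `n/a` for what the description presents as code execution through a writable configuration file. Populating the fields from the description, e.g. `"vendor_name": "Combodo"` and `"product_name": "iTop"`, would make the entry usable for automated matching. CVE-2019-11516 later in this commit has the same gap for the Cypress Bluetooth component.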
diff --git a/2019/11xxx/CVE-2019-11459.json b/2019/11xxx/CVE-2019-11459.json index ec3ba64c84b..b5599c8165e 100644 --- a/2019/11xxx/CVE-2019-11459.json +++ b/2019/11xxx/CVE-2019-11459.json @@ -91,6 +91,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3553", "url": "https://access.redhat.com/errata/RHSA-2019:3553" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4624", + "url": "https://www.debian.org/security/2020/dsa-4624" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4624-1] evince security update", + "url": "https://seclists.org/bugtraq/2020/Feb/18" } ] } diff --git a/2019/11xxx/CVE-2019-11481.json b/2019/11xxx/CVE-2019-11481.json index 0081c8b5ce7..0e5ac52558b 100644 --- a/2019/11xxx/CVE-2019-11481.json +++ b/2019/11xxx/CVE-2019-11481.json 
@@ -1,18 +1,118 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-10-29T00:00:00.000Z", "ID": "CVE-2019-11481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apport reads arbitrary files if ~/.config/apport/settings is a symlink" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "apport", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.14.1", + "version_value": "2.14.1-0ubuntu3.29+esm2" + }, + { + "version_affected": "<", + "version_name": "2.20.1", + "version_value": "2.20.1-0ubuntu2.20" + }, + { + "version_affected": "<", + "version_name": "2.20.9", + "version_value": "2.20.9-0ubuntu7.8" + }, + { + "version_affected": "<", + "version_name": "2.20.11", + "version_value": "2.20.11-0ubuntu8.1" + } + ] + } + } + ] + }, + "vendor_name": "Canonical" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kevin Backhouse" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Read user data with administrator privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-1", + "name": "https://usn.ubuntu.com/usn/usn-4171-1" + }, + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-2", + "name": "https://usn.ubuntu.com/usn/usn-4171-2" + } + ] + }, + "source": { + "advisory": "https://usn.ubuntu.com/usn/usn-4171-1", + "defect": [ + "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1830862" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11482.json b/2019/11xxx/CVE-2019-11482.json index d2a081f172a..8c59c6763c7 100644 --- a/2019/11xxx/CVE-2019-11482.json +++ b/2019/11xxx/CVE-2019-11482.json 
@@ -1,18 +1,118 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-10-29T00:00:00.000Z", "ID": "CVE-2019-11482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Race condition between reading current working directory and writing a core dump" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "apport", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.14.1", + "version_value": "2.14.1-0ubuntu3.29+esm2" + }, + { + "version_affected": "<", + "version_name": "2.20.1", + "version_value": "2.20.1-0ubuntu2.20" + }, + { + "version_affected": "<", + "version_name": "2.20.9", + "version_value": "2.20.9-0ubuntu7.8" + }, + { + "version_affected": "<", + "version_name": "2.20.11", + "version_value": "2.20.11-0ubuntu8.1" + } + ] + } + } + ] + }, + "vendor_name": "Canonical" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Sander Bos" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Read user data with administrator privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-1", + "name": "https://usn.ubuntu.com/usn/usn-4171-1" + }, + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-2", + "name": "https://usn.ubuntu.com/usn/usn-4171-2" + } + ] + }, + "source": { + "advisory": "https://usn.ubuntu.com/usn/usn-4171-1", + "defect": [ + "https://bugs.launchpad.net/apport/+bug/1839413" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11483.json b/2019/11xxx/CVE-2019-11483.json index aac28775584..9dc7b532d65 100644 --- a/2019/11xxx/CVE-2019-11483.json +++ b/2019/11xxx/CVE-2019-11483.json 
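Review bot: The `problemtype` value `Read user data with administrator privileges` does not fit this record: the title and description describe a race that lets a user have core files written into arbitrary directories, and the CVSS vector has `C:N`. The string is identical to the one in CVE-2019-11481 and looks copied from it. A CWE-tagged value such as `CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition` would match the description. CVE-2019-11483 reuses the same string and the same `defect` link (`https://bugs.launchpad.net/apport/+bug/1839413`) and has no `TITLE`, which is worth confirming against the Launchpad bug.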
@@ -1,18 +1,117 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-10-29T00:00:00.000Z", "ID": "CVE-2019-11483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "apport", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.14.1", + "version_value": "2.14.1-0ubuntu3.29+esm2" + }, + { + "version_affected": "<", + "version_name": "2.20.1", + "version_value": "2.20.1-0ubuntu2.20" + }, + { + "version_affected": "<", + "version_name": "2.20.9", + "version_value": "2.20.9-0ubuntu7.8" + }, + { + "version_affected": "<", + "version_name": "2.20.11", + "version_value": "2.20.11-0ubuntu8.1" + } + ] + } + } + ] + }, + "vendor_name": "Canonical" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Sander Bos" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Read user data with administrator privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-1", + "name": "https://usn.ubuntu.com/usn/usn-4171-1" + }, + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-2", + "name": "https://usn.ubuntu.com/usn/usn-4171-2" + } + ] + }, + "source": { + "advisory": "https://usn.ubuntu.com/usn/usn-4171-1", + "defect": [ + "https://bugs.launchpad.net/apport/+bug/1839413" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11484.json b/2019/11xxx/CVE-2019-11484.json index 8069fdf3c2f..9a6713eb1bf 100644 --- a/2019/11xxx/CVE-2019-11484.json +++ b/2019/11xxx/CVE-2019-11484.json 
@@ -1,18 +1,113 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-10-29T00:00:00.000Z", "ID": "CVE-2019-11484", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Integer overflow in bson_ensure_space" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "whoopsie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.2.52.5", + "version_value": "0.2.52.5ubuntu0.2" + }, + { + "version_affected": "<", + "version_name": "0.2.62", + "version_value": "0.2.62ubuntu0.2" + }, + { + "version_affected": "<", + "version_name": "0.2.66", + "version_value": "0.2.66ubuntu0.1" + } + ] + } + } + ] + }, + "vendor_name": "Canonical" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kevin Backhouse" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4170-1", + "name": "https://usn.ubuntu.com/usn/usn-4170-1" + }, + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4170-2", + "name": "https://usn.ubuntu.com/usn/usn-4170-2" + } + ] + }, + "source": { + "advisory": "https://usn.ubuntu.com/4170-1/", + "defect": [ + "https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830865" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11485.json b/2019/11xxx/CVE-2019-11485.json index 57bbd35d86e..29dda24a714 100644 --- a/2019/11xxx/CVE-2019-11485.json +++ b/2019/11xxx/CVE-2019-11485.json 
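Review bot: `source.advisory` is `https://usn.ubuntu.com/4170-1/` while the two `reference_data` entries use `https://usn.ubuntu.com/usn/usn-4170-1` and `https://usn.ubuntu.com/usn/usn-4170-2`; the apport records in this commit use the `/usn/usn-` form in both places. I would use one URL form throughout so that consumers de-duplicating advisories by URL see a single source. The description also states no impact, although the vector rates confidentiality, integrity and availability as low. One sentence on the consequence of the overflow would help triage.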
@@ -1,18 +1,118 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2019-10-29T00:00:00.000Z", "ID": "CVE-2019-11485", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "apport created lock file in wrong directory" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "apport", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.14.1", + "version_value": "2.14.1-0ubuntu3.29+esm2" + }, + { + "version_affected": "<", + "version_name": "2.20.1", + "version_value": "2.20.1-0ubuntu2.20" + }, + { + "version_affected": "<", + "version_name": "2.20.9", + "version_value": "2.20.9-0ubuntu7.8" + }, + { + "version_affected": "<", + "version_name": "2.20.11", + "version_value": "2.20.11-0ubuntu8.1" + } + ] + } + } + ] + }, + "vendor_name": "Canonical" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Sander Bos" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sander Bos discovered Apport's lock file was in a world-writable director which allowed all users to prevent crash handling." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-412 Unrestricted Externally Accessible Lock" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-1", + "name": "https://usn.ubuntu.com/usn/usn-4171-1" + }, + { + "refsource": "MISC", + "url": "https://usn.ubuntu.com/usn/usn-4171-2", + "name": "https://usn.ubuntu.com/usn/usn-4171-2" + } + ] + }, + "source": { + "advisory": "https://usn.ubuntu.com/usn/usn-4171-1", + "defect": [ + "https://bugs.launchpad.net/apport/+bug/1839415" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11516.json b/2019/11xxx/CVE-2019-11516.json index 2de83d82a89..877ffa04f8a 100644 --- a/2019/11xxx/CVE-2019-11516.json +++ b/2019/11xxx/CVE-2019-11516.json 
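Review bot: The description value reads `world-writable director`; it should be `world-writable directory`. The `TITLE` in the same record ("apport created lock file in wrong directory") confirms the intended word.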
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11516", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11516", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-08-01", + "url": "https://source.android.com/security/bulletin/2019-08-01" + }, + { + "refsource": "MISC", + "name": "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-arbitrary-code-execution_2019-078/", + "url": "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-arbitrary-code-execution_2019-078/" + }, + { + "refsource": "MISC", + "name": "https://www.techrepublic.com/article/android-security-bulletin-august-2019-what-you-need-to-know/", + "url": "https://www.techrepublic.com/article/android-security-bulletin-august-2019-what-you-need-to-know/" } ] } diff --git a/2019/11xxx/CVE-2019-11745.json b/2019/11xxx/CVE-2019-11745.json index 7e5d9b9e4a5..359bfbbc5da 100644 --- a/2019/11xxx/CVE-2019-11745.json +++ b/2019/11xxx/CVE-2019-11745.json @@ -108,6 +108,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0243", "url": "https://access.redhat.com/errata/RHSA-2020:0243" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0466", + "url": "https://access.redhat.com/errata/RHSA-2020:0466" } ] }, diff --git a/2019/11xxx/CVE-2019-11867.json b/2019/11xxx/CVE-2019-11867.json index 4a20927c3e3..fb12ffe9f5a 100644 --- a/2019/11xxx/CVE-2019-11867.json +++ b/2019/11xxx/CVE-2019-11867.json 
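Review bot: The CVE-2019-11516 record leaves `product_name`, `vendor_name`, `version_value` and the problemtype value at `"n/a"`, even though its description names the Bluetooth component of the Cypress Wireless IoT codebase and a heap-based buffer overflow. Consumers that match on the structured `affects` and `problemtype` fields rather than on free text will presumably be unable to tie this entry to a product or weakness class. Filling in the vendor and product and setting the problemtype to `CWE-122 Heap-based Buffer Overflow` would close that gap. The same all-`n/a` pattern appears in the newly published CVE-2019-11867, CVE-2019-12180, CVE-2019-12528, CVE-2019-12825 and CVE-2019-13163 records on this page, each of which names its product in the description.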
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11867", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11867", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://downwithup.github.io/CVEPosts.html", + "url": "https://downwithup.github.io/CVEPosts.html" + }, + { + "url": "https://www.realtek.cz/realtek-network-drivers.html", + "refsource": "MISC", + "name": "https://www.realtek.cz/realtek-network-drivers.html" } ] } diff --git a/2019/12xxx/CVE-2019-12180.json b/2019/12xxx/CVE-2019-12180.json index 4de4c908e82..4e252491076 100644 --- a/2019/12xxx/CVE-2019-12180.json +++ b/2019/12xxx/CVE-2019-12180.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12180", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12180", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy \"Load Script\" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the \"Save Script\" function, which is executed automatically when saving a project." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lab.mediaservice.net/advisory/2020-04-readyapi-soapui.txt", + "url": "https://lab.mediaservice.net/advisory/2020-04-readyapi-soapui.txt" } ] } diff --git a/2019/12xxx/CVE-2019-12216.json b/2019/12xxx/CVE-2019-12216.json index 8d902077992..2481c6fd5e0 100644 --- a/2019/12xxx/CVE-2019-12216.json +++ b/2019/12xxx/CVE-2019-12216.json 
@@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4238-1", "url": "https://usn.ubuntu.com/4238-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/12xxx/CVE-2019-12217.json b/2019/12xxx/CVE-2019-12217.json index 09808eb446e..239c5b6e37e 100644 --- a/2019/12xxx/CVE-2019-12217.json +++ b/2019/12xxx/CVE-2019-12217.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4238-1", "url": "https://usn.ubuntu.com/4238-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/12xxx/CVE-2019-12218.json b/2019/12xxx/CVE-2019-12218.json index 365bae998bf..212f28bfc5f 100644 --- a/2019/12xxx/CVE-2019-12218.json +++ b/2019/12xxx/CVE-2019-12218.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4238-1", "url": "https://usn.ubuntu.com/4238-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/12xxx/CVE-2019-12219.json b/2019/12xxx/CVE-2019-12219.json index 6445b0d2cf9..cf23f51ebe5 100644 --- a/2019/12xxx/CVE-2019-12219.json +++ b/2019/12xxx/CVE-2019-12219.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4238-1", "url": "https://usn.ubuntu.com/4238-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/12xxx/CVE-2019-12220.json b/2019/12xxx/CVE-2019-12220.json index dd5b2e5ce26..25d600abae9 100644 --- a/2019/12xxx/CVE-2019-12220.json 
+++ b/2019/12xxx/CVE-2019-12220.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4238-1", "url": "https://usn.ubuntu.com/4238-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/12xxx/CVE-2019-12221.json b/2019/12xxx/CVE-2019-12221.json index 22fe3e06058..b83575b3d8c 100644 --- a/2019/12xxx/CVE-2019-12221.json +++ b/2019/12xxx/CVE-2019-12221.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4238-1", "url": "https://usn.ubuntu.com/4238-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/12xxx/CVE-2019-12222.json b/2019/12xxx/CVE-2019-12222.json index a13baf53fbb..1104384cd81 100644 --- a/2019/12xxx/CVE-2019-12222.json +++ b/2019/12xxx/CVE-2019-12222.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4238-1", "url": "https://usn.ubuntu.com/4238-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/12xxx/CVE-2019-12418.json b/2019/12xxx/CVE-2019-12418.json index fb0c21103e8..03dec725865 100644 --- a/2019/12xxx/CVE-2019-12418.json +++ b/2019/12xxx/CVE-2019-12418.json 
@@ -99,6 +99,21 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", + "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12426.json b/2019/12xxx/CVE-2019-12426.json index a67f54382d1..742b67d9c63 100644 --- a/2019/12xxx/CVE-2019-12426.json +++ b/2019/12xxx/CVE-2019-12426.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-12426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache OFBiz", + "version": { + "version_data": [ + { + "version_value": "Apache OFBiz 16.11.01 to 16.11.06" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://s.apache.org/w0dem", + "url": "https://s.apache.org/w0dem" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200206 [SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz", + "url": "https://lists.apache.org/thread.html/r40a3c0930f7945e97e30c25422f52dbe476d5584346c3de5c556c272@%3Cannounce.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06" } ] } diff --git a/2019/12xxx/CVE-2019-12518.json b/2019/12xxx/CVE-2019-12518.json index 13fb82f3c88..a4522c82785 100644 --- a/2019/12xxx/CVE-2019-12518.json +++ b/2019/12xxx/CVE-2019-12518.json 
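Review bot: In the CVE-2019-12426 record, `"version_value": "Apache OFBiz 16.11.01 to 16.11.06"` repeats the product name and encodes a range as prose inside a single version field. A matcher that compares `version_value` with an installed version string likely cannot parse it; `"version_value": "16.11.01 to 16.11.06"` at minimum, or bounded entries using `version_affected` as the CVE-2019-11485 record in this change does, would be easier to consume. The description value also opens in lower case (`an unauthenticated user`) and does not say which information is exposed, which the referenced announcement may clarify.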
@@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-pwn.html", "url": "https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-pwn.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156335/Anviz-CrossChex-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/156335/Anviz-CrossChex-Buffer-Overflow.html" } ] } diff --git a/2019/12xxx/CVE-2019-12528.json b/2019/12xxx/CVE-2019-12528.json index c3bc21867f0..6621ecc677f 100644 --- a/2019/12xxx/CVE-2019-12528.json +++ b/2019/12xxx/CVE-2019-12528.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12528", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12528", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", + "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt" } ] } diff --git a/2019/12xxx/CVE-2019-12815.json b/2019/12xxx/CVE-2019-12815.json index a926f37db26..2ab7e696726 100644 --- a/2019/12xxx/CVE-2019-12815.json +++ b/2019/12xxx/CVE-2019-12815.json @@ -116,6 +116,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0031", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf" } ] } 
diff --git a/2019/12xxx/CVE-2019-12825.json b/2019/12xxx/CVE-2019-12825.json
index 26ac6cb6d9c..36f87be3c89 100644
--- a/2019/12xxx/CVE-2019-12825.json
+++ b/2019/12xxx/CVE-2019-12825.json
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12825", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12825", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry", + "url": "https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry" } ] } diff --git a/2019/13xxx/CVE-2019-13163.json b/2019/13xxx/CVE-2019-13163.json new file mode 100644 index 00000000000..f01f30e54e6 --- /dev/null 
+++ b/2019/13xxx/CVE-2019-13163.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13163",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html",
+ "url": "https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13321.json b/2019/13xxx/CVE-2019-13321.json
new file mode 100644
index 00000000000..a0b9f61466d
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13321.json
@@ -0,0 +1,69 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-13321",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Browser",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 10.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Xiaomi"
+ }
+ ]
+ }
+ },
+ "credit": "Anonymous",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of HTTP responses to the Captive Portal. A crafted HTML response can cause the Captive Portal to to open a browser to a specified location without user interaction. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7467."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-659/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-659/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
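Review bot: `"credit": "Anonymous"` is a bare string here, whereas the CVE-2019-11485 record in this same change gives `credit` as an array of objects with `lang` and `value` keys; a key that changes type between records can break typed parsers. The same string form is used in the CVE-2019-13322, CVE-2019-13333 and CVE-2019-13334 files that follow. Suggested shape: `"credit": [{"lang": "eng", "value": "Anonymous"}]`. Separately, the description contains a doubled word (`to to open`), and the `impact.cvss` object carries only `vectorString` and `version`, so consumers have to derive the base score themselves.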
diff --git a/2019/13xxx/CVE-2019-13322.json b/2019/13xxx/CVE-2019-13322.json
new file mode 100644
index 00000000000..8da8a4699f3
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13322.json
@@ -0,0 +1,69 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-13322",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Browser",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 10.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Xiaomi"
+ }
+ ]
+ }
+ },
+ "credit": "MWR Labs - Georgi Geshev and Robert Miller",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-356: Product UI does not Warn User of Unsafe Actions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-660/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-660/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13333.json b/2019/13xxx/CVE-2019-13333.json
new file mode 100644
index 00000000000..dff75920e55
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13333.json
@@ -0,0 +1,69 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-13333",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.5.0.20723"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-858/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-858/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13334.json b/2019/13xxx/CVE-2019-13334.json
new file mode 100644
index 00000000000..0c8e5d05a7a
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13334.json
@@ -0,0 +1,69 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-13334",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.5.0.20723"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-822: Untrusted Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-859/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-859/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
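Review bot: The problemtype for CVE-2019-13334 is `CWE-822: Untrusted Pointer Dereference`, but the description says the flaw "can result in a write past the end of an allocated structure", which is word for word the text of CVE-2019-13333, where the problemtype is `CWE-787: Out-of-bounds Write`. One of the two fields looks copied from the sibling record. The description should be checked against the referenced ZDI-19-859 advisory and brought into line with the CWE, or the CWE changed to match the description. As it stands, anyone triaging by weakness class gets conflicting signals from the same record.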
diff --git a/2019/13xxx/CVE-2019-13616.json b/2019/13xxx/CVE-2019-13616.json index a6b41456fd8..43390254bff 100644 --- a/2019/13xxx/CVE-2019-13616.json +++ b/2019/13xxx/CVE-2019-13616.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0293", "url": "https://access.redhat.com/errata/RHSA-2020:0293" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/13xxx/CVE-2019-13626.json b/2019/13xxx/CVE-2019-13626.json index 17e60235ab6..e8a754da3a4 100644 --- a/2019/13xxx/CVE-2019-13626.json +++ b/2019/13xxx/CVE-2019-13626.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2224", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-ff2fe47ba4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/" } ] } diff --git a/2019/13xxx/CVE-2019-13734.json b/2019/13xxx/CVE-2019-13734.json index 437deb8f528..05a13f05f35 100644 --- a/2019/13xxx/CVE-2019-13734.json +++ b/2019/13xxx/CVE-2019-13734.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13734", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -104,6 +104,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0229", "url": "https://access.redhat.com/errata/RHSA-2020:0229" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0476", + "url": "https://access.redhat.com/errata/RHSA-2020:0476" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0463", + "url": "https://access.redhat.com/errata/RHSA-2020:0463" } ] }, diff --git a/2019/13xxx/CVE-2019-13924.json b/2019/13xxx/CVE-2019-13924.json new file mode 100644 index 00000000000..1dc260a94fd --- /dev/null 
+++ b/2019/13xxx/CVE-2019-13924.json 
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-13924",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions < 5.2.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions < 4.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-693: Protection Mechanism Failure"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13925.json b/2019/13xxx/CVE-2019-13925.json
new file mode 100644
index 00000000000..c82dac88596
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13925.json
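Review bot: The description in CVE-2019-13924 names the missing response header as "X-Frame-Option Header", but the header that controls framing is `X-Frame-Options`, so anyone searching scanner output or proxy rules for the name as written will not match it. I would word the sentence as `The device does not send the X-Frame-Options header in the administrative web interface`. The `problemtype` uses the broad CWE-693; CWE-1021 (Improper Restriction of Rendered UI Layers or Frames) describes clickjacking more precisely and may be the better fit if the CNA agrees. The `version_value` strings also mix `all versions < 5.2.4` with `All versions` and omit the `V` prefix that other Siemens records in this commit carry (for example CVE-2019-13946), which makes matching on these fields unreliable.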
@@ -0,0 +1,92 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-13925",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SCALANCE S602",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE S612",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE S623",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE S627-2M",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13926.json b/2019/13xxx/CVE-2019-13926.json
new file mode 100644
index 00000000000..b86dd441b95
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13926.json
@@ -0,0 +1,92 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-13926",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SCALANCE S602",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE S612",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE S623",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SCALANCE S627-2M",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions >= V3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13940.json b/2019/13xxx/CVE-2019-13940.json
new file mode 100644
index 00000000000..ec81cb221ec
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13940.json 
@@ -0,0 +1,97 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-13940", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions). Affected devices contain a vulnerability that could cause a Denial-of-Service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. The security vulnerability could be exploited by an attacker with network access to an affected device. 
Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device\u2019s web server. Beyond the web service, no other functions or interfaces are affected by the Denial-of-Service condition." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13941.json b/2019/13xxx/CVE-2019-13941.json new file mode 100644 index 00000000000..8e03d12e0db --- /dev/null +++ b/2019/13xxx/CVE-2019-13941.json 
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2019-13941",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens AG",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OZW672",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V10.00"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "OZW772",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V10.00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-552: Files or Directories Accessible to External Parties"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13946.json b/2019/13xxx/CVE-2019-13946.json
new file mode 100644
index 00000000000..4eaf9ee2878
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13946.json
@@ -0,0 +1,452 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-13946", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", + "version": { + "version_data": [ + { + "version_value": "All Versions < V4.5" + } + ] + } + }, + { + "product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", + "version": { + "version_data": [ + { + "version_value": "All Versions < V4.6" + } + ] + } + }, + { + "product_name": "PROFINET Driver for Controller", + "version": { + "version_data": [ + { + "version_value": "All Versions < V2.1" + } + ] + } + }, + { + "product_name": "RUGGEDCOM RM1224", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.3" + } + ] + } + }, + { + "product_name": "SCALANCE M-800 / S615", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.3" + } + ] + } + }, + { + "product_name": "SCALANCE W700 IEEE 802.11n", + "version": { + "version_data": [ + { + "version_value": "All versions <= V6.0.1" + } + ] + } + }, + { + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All Versions < V5.3" + } + ] + } + }, + { + "product_name": "SCALANCE X-300 switch family (incl. 
X408 and SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG", + "version": { + "version_data": [ + { + "version_value": "All Versions < V3.0" + } + ] + } + }, + { + "product_name": "SCALANCE XM-400 switch family", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.0" + } + ] + } + }, + { + "product_name": "SCALANCE XR-500 switch family", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.0" + } + ] + } + }, + { + "product_name": "SIMATIC CP 1616 and CP 1604", + "version": { + "version_data": [ + { + "version_value": "All Versions < V2.8" + } + ] + } + }, + { + "product_name": "SIMATIC CP 343-1 (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 343-1 ERPC", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 443-1 (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 443-1 Advanced (incl. 
SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 443-1 OPC UA", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200AL IM 157-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All Versions < V4.2.0" + } + ] + } + }, + { + "product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All Versions < V4.1.0" + } + ] + } + }, + { + "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All Versions < V3.3.1" + } + ] + } + }, + { + "product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. 
SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All Versions < V4.1.0" + } + ] + } + }, + { + "product_name": "SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200pro, IM 154-3 PN HF", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET200pro, IM 154-4 PN HF", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC IPC Support, Package for VxWorks", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC MV400 family", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)", + "version": { + "version_data": [ + { + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "SIMATIC RF180C", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC RF182C", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC RF600 family", + "version": { + "version_data": [ + { + "version_value": "All versions < V3" + } + ] + } + }, + { + "product_name": "SINAMICS DCP", + "version": { + "version_data": [ + { + "version_value": "All Versions < V1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard 
Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. 
SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13965.json b/2019/13xxx/CVE-2019-13965.json new file mode 100644 index 00000000000..fd9035f4f2a --- /dev/null +++ b/2019/13xxx/CVE-2019-13965.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13965",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0) The Reflective XSS can also become a stored XSS within the same account because of another vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log",
+ "refsource": "MISC",
+ "name": "https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://0day.love/itop_vulnerabilities_disclosure.pdf",
+ "url": "https://0day.love/itop_vulnerabilities_disclosure.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13966.json b/2019/13xxx/CVE-2019-13966.json
new file mode 100644
index 00000000000..2ac46c82b3d
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13966.json
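Review bot: CVE-2019-13965 leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value as `n/a`, although its own description names iTop through 2.6.0 and reflected XSS, so tooling that matches on the structured fields will never tie this record to an iTop installation. At minimum I would set `"product_name": "iTop"` and `"version_value": "through 2.6.0"`, and give the problem type a CWE label such as `"value": "CWE-79"`. The same `n/a` placeholders appear in CVE-2019-13966 and CVE-2019-13967 in this commit; the latter describes a denial of service, so its CWE would differ. The description is also missing a full stop after `(still working through 2.6.0)`, which runs the chaining remark about CVE-2018-10642 into the next sentence.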
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13966",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log",
+ "refsource": "MISC",
+ "name": "https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://0day.love/itop_vulnerabilities_disclosure.pdf",
+ "url": "https://0day.love/itop_vulnerabilities_disclosure.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13967.json b/2019/13xxx/CVE-2019-13967.json
new file mode 100644
index 00000000000..5a6f87c55f2
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13967.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13967",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log",
+ "refsource": "MISC",
+ "name": "https://www.itophub.io/wiki/page?id=latest%3Arelease%3Achange_log"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://0day.love/itop_vulnerabilities_disclosure.pdf",
+ "url": "https://0day.love/itop_vulnerabilities_disclosure.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14002.json b/2019/14xxx/CVE-2019-14002.json
new file mode 100644
index 00000000000..a3f3db8e5aa
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14002.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14002",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control Issue in Telephony"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
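Review bot: In CVE-2019-14002 the `product_name` and `version_value` fields each pack a whole comma-separated list into one string (the Snapdragon product families in one, every chipset name in the other), so a consumer has to split free text to learn whether a given part such as SDM845 is affected. One `product_data` entry per family, each with one `version_data` entry per chipset, would make the record matchable without parsing. The `problemtype` value `Improper Access Control Issue in Telephony` is free text with no CWE identifier; adding one (CWE-284 looks closest, to be confirmed by the CNA) would help triage. CVE-2019-14040 and CVE-2019-14041 in this commit follow the same layout; the CVE-2019-14041 hunk continues past the end of this view.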
diff --git a/2019/14xxx/CVE-2019-14040.json b/2019/14xxx/CVE-2019-14040.json
new file mode 100644
index 00000000000..2a9ee192910
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14040.json
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in QSEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin", + "refsource": "CONFIRM", + "url": 
"https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14041.json b/2019/14xxx/CVE-2019-14041.json new file mode 100644 index 00000000000..b68c197f70a --- /dev/null +++ b/2019/14xxx/CVE-2019-14041.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14041",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Copy Without Checking Size of Input in QTEE"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14044.json b/2019/14xxx/CVE-2019-14044.json
new file mode 100644
index 00000000000..3418b50f3e9
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14044.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14044",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Consumer IOT, Snapdragon Mobile",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "QCS605, SDM439, SDM630, SDM636, SDM660, SDX24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Validation of Array Index in Camera"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14046.json b/2019/14xxx/CVE-2019-14046.json
new file mode 100644
index 00000000000..f2635d1ad95
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14046.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14046",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "QCS605, SDM439, SDX24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Validation of Array Index in Kernel"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14049.json b/2019/14xxx/CVE-2019-14049.json
new file mode 100644
index 00000000000..46af9a99994
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14049.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14049",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stage 2 Fault Issue in Kernel"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14051.json b/2019/14xxx/CVE-2019-14051.json
new file mode 100644
index 00000000000..166d0a37d55
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14051.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14051",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Industrial IOT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MDM9206, MDM9607"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Integer Overflow to Buffer Overflow Issue in Kernel"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14055.json b/2019/14xxx/CVE-2019-14055.json
new file mode 100644
index 00000000000..2b1f209feb5
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14055.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14055",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free Issue in Diag Services"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14057.json b/2019/14xxx/CVE-2019-14057.json
new file mode 100644
index 00000000000..0dabd10fce5
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14057.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14057",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Copy Without Checking Size of Input in Video"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14060.json b/2019/14xxx/CVE-2019-14060.json
new file mode 100644
index 00000000000..6137cffaff0
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14060.json
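Review bot: The `problemtype` value in CVE-2019-14057, `Buffer Copy Without Checking Size of Input in Video`, names a copy-side weakness, while the description in the same record describes a buffer over-read of codec private data during mkv parsing. If the description is right, the class should read like the one used for CVE-2019-14063 in this commit, e.g. `"value": "Buffer Over-read Issue in Video"`; the vendor bulletin is the authority, so this should be confirmed against it rather than assumed. The distinction matters for triage, since an over-read usually points to information disclosure or a crash rather than memory corruption.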
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14060",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Access of Uninitialized Pointer in Audio"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14063.json b/2019/14xxx/CVE-2019-14063.json
new file mode 100644
index 00000000000..ae118253fdf
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14063.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14063",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Over-read Issue in Audio"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14088.json b/2019/14xxx/CVE-2019-14088.json
new file mode 100644
index 00000000000..e46cf2baa2d
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14088.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2019-14088",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free Issue in Camera"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-199/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-199/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14287.json b/2019/14xxx/CVE-2019-14287.json
index 679a8b44cd9..fdfaddc6a4a 100644
--- a/2019/14xxx/CVE-2019-14287.json
+++ b/2019/14xxx/CVE-2019-14287.json
@@ -221,6 +221,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us",
 "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0388",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0388"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14296.json b/2019/14xxx/CVE-2019-14296.json
index a2f9475f9c6..4864e5fc5f4 100644
--- a/2019/14xxx/CVE-2019-14296.json
+++ b/2019/14xxx/CVE-2019-14296.json
@@ -66,6 +66,16 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-bf4633142b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T52JATXV6NTPTMGXCRGT37H6KXERYNZN/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0163",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0180",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14378.json b/2019/14xxx/CVE-2019-14378.json
index 5a247563ebc..461f691ec54 100644
--- a/2019/14xxx/CVE-2019-14378.json
+++ b/2019/14xxx/CVE-2019-14378.json
@@ -176,6 +176,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:4344",
 "url": "https://access.redhat.com/errata/RHSA-2019:4344"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0366",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0366"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14494.json b/2019/14xxx/CVE-2019-14494.json
index b87f42c7304..67f71400103 100644
--- a/2019/14xxx/CVE-2019-14494.json
+++ b/2019/14xxx/CVE-2019-14494.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4091-1",
 "url": "https://usn.ubuntu.com/4091-1/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-24ded2cd52",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHYAM32PALHQXL3O4DKIJ3EJB6AKBOVC/"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14514.json b/2019/14xxx/CVE-2019-14514.json
new file mode 100644
index 00000000000..40cb701a2e7
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14514.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14514",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/seqred-s-a/cve-2019-14514",
+ "url": "https://github.com/seqred-s-a/cve-2019-14514"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json
index 5c0a6ac946e..483e0ca980d 100644
--- a/2019/14xxx/CVE-2019-14540.json
+++ b/2019/14xxx/CVE-2019-14540.json
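Review bot: The `affects` block of CVE-2019-14514 is all `n/a` although the description names the vendor, product and fixed version (Microvirt MEmu, all versions prior to 7.0.2), so tooling that matches on the structured fields will not associate this record with the product. Filling in `"vendor_name": "Microvirt"`, `"product_name": "MEmu"` and `"version_value": "prior to 7.0.2"` would fix that. `problemtype` is also `n/a` where the description describes shell metacharacters reaching a `system()` call, which is OS command injection (CWE-78). CVE-2019-14652 further down in this commit has the same gaps for an XSS issue (CWE-79).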
@@ -191,6 +191,11 @@
 "refsource": "MLIST",
 "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
 "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0445",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0445"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14598.json b/2019/14xxx/CVE-2019-14598.json
new file mode 100644
index 00000000000..7202497262a
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14598.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14598",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) CSME",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege, Denial of Service, Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00307.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00307.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14652.json b/2019/14xxx/CVE-2019-14652.json
new file mode 100644
index 00000000000..063b0ce804c
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14652.json
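Review bot: `vendor_name` is `n/a` in CVE-2019-14598 even though `product_name` is `Intel(R) CSME` and the assigner is Intel; `"vendor_name": "Intel"` would let vendor-keyed lookups find the record. The `problemtype` value lists impacts (escalation of privilege, denial of service, information disclosure) rather than the weakness, which the description gives as improper authentication. `version_value` packs three version ranges into one string; one `version_data` entry per range would be easier to compare against an installed firmware version.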
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14652",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/awslabs/aws-js-s3-explorer/commit/87efa7d6885c4a9d8473ec5893adf8e4922a8a89",
+ "refsource": "MISC",
+ "name": "https://github.com/awslabs/aws-js-s3-explorer/commit/87efa7d6885c4a9d8473ec5893adf8e4922a8a89"
+ },
+ {
+ "url": "https://github.com/awslabs/aws-js-s3-explorer/commit/7be671e858601455d6969e445d21a911632d6c94",
+ "refsource": "MISC",
+ "name": "https://github.com/awslabs/aws-js-s3-explorer/commit/7be671e858601455d6969e445d21a911632d6c94"
+ },
+ {
+ "url": "https://github.com/awslabs/aws-js-s3-explorer/pull/62",
+ "refsource": "MISC",
+ "name": "https://github.com/awslabs/aws-js-s3-explorer/pull/62"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14814.json b/2019/14xxx/CVE-2019-14814.json
index 463694d1504..f0a94282707 100644
--- a/2019/14xxx/CVE-2019-14814.json
+++ b/2019/14xxx/CVE-2019-14814.json
@@ -148,6 +148,16 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0174",
 "url": "https://access.redhat.com/errata/RHSA-2020:0174"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0328",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0328"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0339",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0339"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14815.json b/2019/14xxx/CVE-2019-14815.json
index 5df82204726..eac8375a17d 100644
--- a/2019/14xxx/CVE-2019-14815.json
+++ b/2019/14xxx/CVE-2019-14815.json
@@ -78,6 +78,16 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0174",
 "url": "https://access.redhat.com/errata/RHSA-2020:0174"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0328",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0328"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0339",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0339"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14816.json b/2019/14xxx/CVE-2019-14816.json
index c9f28d448b8..bac79799473 100644
--- a/2019/14xxx/CVE-2019-14816.json
+++ b/2019/14xxx/CVE-2019-14816.json
@@ -153,6 +153,26 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0204",
 "url": "https://access.redhat.com/errata/RHSA-2020:0204"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0328",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0328"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0339",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0339"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0374",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0374"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0375",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0375"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14824.json b/2019/14xxx/CVE-2019-14824.json
index 850c8c2a3f3..528c7391701 100644
--- a/2019/14xxx/CVE-2019-14824.json
+++ b/2019/14xxx/CVE-2019-14824.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2004-1] 389-ds-base security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0464",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0464"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14865.json b/2019/14xxx/CVE-2019-14865.json
index 739bd4a4911..8020e06bee1 100644
--- a/2019/14xxx/CVE-2019-14865.json
+++ b/2019/14xxx/CVE-2019-14865.json
@@ -53,6 +53,11 @@
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0335",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0335"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14867.json b/2019/14xxx/CVE-2019-14867.json
index 23fe52ebd78..c7dc5b4f30a 100644
--- a/2019/14xxx/CVE-2019-14867.json
+++ b/2019/14xxx/CVE-2019-14867.json
@@ -87,6 +87,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-c64e1612f5",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0378",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0378"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14869.json b/2019/14xxx/CVE-2019-14869.json
index 34c16e3e355..414fa5ac741 100644
--- a/2019/14xxx/CVE-2019-14869.json
+++ b/2019/14xxx/CVE-2019-14869.json
@@ -98,6 +98,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0222",
 "url": "https://access.redhat.com/errata/RHSA-2020:0222"
+ },
+ {
+ "refsource": "JVN",
+ "name": "JVN#52486659",
+ "url": "http://jvn.jp/en/jp/JVN52486659/index.html"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14895.json b/2019/14xxx/CVE-2019-14895.json
index 77b6e301379..33a6b2b3fc2 100644
--- a/2019/14xxx/CVE-2019-14895.json
+++ b/2019/14xxx/CVE-2019-14895.json
@@ -118,6 +118,26 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html",
 "url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0328",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0328"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0339",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0339"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0374",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0374"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0375",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0375"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14901.json b/2019/14xxx/CVE-2019-14901.json
index 875c2740d26..46b42d8fce6 100644
--- a/2019/14xxx/CVE-2019-14901.json
+++ b/2019/14xxx/CVE-2019-14901.json
@@ -126,6 +126,26 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html",
 "url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0328",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0328"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0339",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0339"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0374",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0374"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0375",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0375"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json
index 7f9b1366b12..6869ccb213d 100644
--- a/2019/14xxx/CVE-2019-14902.json
+++ b/2019/14xxx/CVE-2019-14902.json
@@ -84,6 +84,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-6bd386c7eb",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-f92cd0e72b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json
index 1622d65e805..32649af984f 100644
--- a/2019/14xxx/CVE-2019-14907.json
+++ b/2019/14xxx/CVE-2019-14907.json
@@ -84,6 +84,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-6bd386c7eb",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-f92cd0e72b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15099.json b/2019/15xxx/CVE-2019-15099.json
index e836e7217b2..0681fbd04fc 100644
--- a/2019/15xxx/CVE-2019-15099.json
+++ b/2019/15xxx/CVE-2019-15099.json
@@ -76,6 +76,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K76295179?utm_source=f5support&utm_medium=RSS",
 "url": "https://support.f5.com/csp/article/K76295179?utm_source=f5support&utm_medium=RSS"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15126.json b/2019/15xxx/CVE-2019-15126.json
new file mode 100644
index 00000000000..1c6a0d1cca1
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15126.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15126",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210721",
+ "url": "https://support.apple.com/kb/HT210721"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210722",
+ "url": "https://support.apple.com/kb/HT210722"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15166.json b/2019/15xxx/CVE-2019-15166.json
index 61cf13e53a0..87cfe56507f 100644
--- a/2019/15xxx/CVE-2019-15166.json
+++ b/2019/15xxx/CVE-2019-15166.json
@@ -126,6 +126,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4252-2",
 "url": "https://usn.ubuntu.com/4252-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4252-1",
+ "url": "https://usn.ubuntu.com/4252-1/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15253.json b/2019/15xxx/CVE-2019-15253.json
new file mode 100644
index 00000000000..b1c1a753c0e
--- /dev/null
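Review bot: The `affects` block of the new CVE-2019-15126 record sets `"vendor_name": "n/a"` and `"product_name": "n/a"`, and `problemtype` is also `"n/a"`, although the description names Broadcom Wi-Fi client devices and an encryption failure. Tooling that matches records to assets by vendor, product or weakness class will not associate this entry with anything, so only a free-text search of the description finds it. If the assigner can confirm it, `"vendor_name": "Broadcom"` with a product entry for the Wi-Fi chipsets would close that gap. Both references are Apple advisories, so a reference from the chipset vendor would also help readers who are not on Apple hardware.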
+++ b/2019/15xxx/CVE-2019-15253.json 
@@ -0,0 +1,91 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-02-05T16:00:00-0800",
+ "ID": "CVE-2019-15253",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Digital Network Architecture Center (DNA Center) ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "=",
+ "version_value": "1.3.0.6"
+ },
+ {
+ "affected": "=",
+ "version_value": "1.3.1.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4."
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
"
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200205 Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190205-dnac-xss"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20190205-dnac-xss",
+ "defect": [
+ [
+ "CSCvr12994"
+ ]
+ ],
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15291.json b/2019/15xxx/CVE-2019-15291.json
index 68e1c2a228d..19efafd821e 100644
--- a/2019/15xxx/CVE-2019-15291.json
+++ b/2019/15xxx/CVE-2019-15291.json
@@ -106,6 +106,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4254-2",
 "url": "https://usn.ubuntu.com/4254-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15592.json b/2019/15xxx/CVE-2019-15592.json
new file mode 100644
index 00000000000..0199e18923c
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15592.json
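Review bot: In the new CVE-2019-15253 record, `version_data` marks 1.3.0.6 and 1.3.1.4 with `"affected": "="`, while the description says the flaw affects releases earlier than those two. A matcher reading the structured field would therefore flag the fixed builds and miss the vulnerable ones; if the description is right, both entries should read `"affected": "<"`. The `vectorString` value ends in a space (`...C:L/I:L/A:N "`) and so does `product_name`, which strict CVSS parsers and exact-match product lookups may reject, so trim both. The description's "administrator credentials" also sits oddly beside `PR:L` in the vector and is worth confirming against the advisory.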
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15592",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure (CWE-200)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/588876",
+ "url": "https://hackerone.com/reports/588876"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/",
+ "url": "https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15594.json b/2019/15xxx/CVE-2019-15594.json
new file mode 100644
index 00000000000..4454a0a1e79
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15594.json
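Review bot: `version_value` in the new CVE-2019-15592 record is `"12.2.3"`, but the description says GitLab 12.2.2 and below is vulnerable, so the structured field appears to hold the fixed release with nothing marking it as such. A consumer that treats `version_value` as the affected version would flag only 12.2.3 and pass every vulnerable install. The same shape recurs in the other support@hackerone.com records in this commit, for example CVE-2019-15594 (`"12.1.2"` against "11.8 and later") and CVE-2019-15612 (`"15.0.3"` against "15.0.2"). Adding an explicit comparison beside the value, such as `"version_affected": "<"`, would make the range machine-readable.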
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15594",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure (CWE-200)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/507064",
+ "url": "https://hackerone.com/reports/507064"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15604.json b/2019/15xxx/CVE-2019-15604.json
new file mode 100644
index 00000000000..f7e0c981fe4
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15604.json
@@ -0,0 +1,82 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15604",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/nodejs/node",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10.19.0, 12.15.0, 13.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Certificate Validation (CWE-295)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/746733",
+ "url": "https://hackerone.com/reports/746733"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v13.8.0/",
+ "url": "https://nodejs.org/en/blog/release/v13.8.0/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v10.19.0/",
+ "url": "https://nodejs.org/en/blog/release/v10.19.0/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v12.15.0/",
+ "url": "https://nodejs.org/en/blog/release/v12.15.0/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15605.json b/2019/15xxx/CVE-2019-15605.json
new file mode 100644
index 00000000000..e51345e2506
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15605.json
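Review bot: `version_value` in CVE-2019-15604 packs three releases into one string, `"10.19.0, 12.15.0, 13.8.0"`, and `product_name` is the repository URL rather than the name the description uses (Node.js). Neither value can be compared by a version or product matcher; one `version_data` entry per release line and `"product_name": "Node.js"` would fix that. CVE-2019-15605 and CVE-2019-15606 in this commit carry the same two values. Going by the linked release posts, the three versions look like the fixed releases rather than affected ones, which the record does not state.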
@@ -0,0 +1,87 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15605",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/nodejs/node",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10.19.0, 12.15.0, 13.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "HTTP Request Smuggling (CWE-444)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/735748",
+ "url": "https://hackerone.com/reports/735748"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v13.8.0/",
+ "url": "https://nodejs.org/en/blog/release/v13.8.0/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-3838c8ea98",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v10.19.0/",
+ "url": "https://nodejs.org/en/blog/release/v10.19.0/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v12.15.0/",
+ "url": "https://nodejs.org/en/blog/release/v12.15.0/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15606.json b/2019/15xxx/CVE-2019-15606.json
new file mode 100644
index 00000000000..5eb654141c8
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15606.json
@@ -0,0 +1,82 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15606",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/nodejs/node",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10.19.0, 12.15.0, 13.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation (CWE-20)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/730779",
+ "url": "https://hackerone.com/reports/730779"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v13.8.0/",
+ "url": "https://nodejs.org/en/blog/release/v13.8.0/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v10.19.0/",
+ "url": "https://nodejs.org/en/blog/release/v10.19.0/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nodejs.org/en/blog/release/v12.15.0/",
+ "url": "https://nodejs.org/en/blog/release/v12.15.0/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15610.json b/2019/15xxx/CVE-2019-15610.json
new file mode 100644
index 00000000000..268899231e9
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15610.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15610",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Circles",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "17.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authorization (CWE-285)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/673724",
+ "url": "https://hackerone.com/reports/673724"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-013",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-013"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15611.json b/2019/15xxx/CVE-2019-15611.json
new file mode 100644
index 00000000000..8531ead66a6
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15611.json
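Review bot: The CVE-2019-15610 record gives `"version_value": "17.0.7"` for Nextcloud Circles, while its own description names the Circles app 0.17.7; the two cannot both be right, and one of them looks like a transposed version number. An operator checking an installed Circles version against this record gets a different answer depending on which field they read. The value should be confirmed against the linked advisory NC-SA-2019-013 and the two fields made to agree.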
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15611",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.23.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Violation of Secure Design Principles (CWE-657)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/672623",
+ "url": "https://hackerone.com/reports/672623"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-017",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-017"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15612.json b/2019/15xxx/CVE-2019-15612.json
new file mode 100644
index 00000000000..420e822d4ba
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15612.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15612",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Session Fixation (CWE-384)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/486693",
+ "url": "https://hackerone.com/reports/486693"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-001",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-001"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15613.json b/2019/15xxx/CVE-2019-15613.json
new file mode 100644
index 00000000000..49b36045182
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15613.json
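Review bot: `product_name` in CVE-2019-15612 is `"Nextcloud Server "` with a trailing space, while the other Nextcloud Server records added in this commit (CVE-2019-15613 and later) use `"Nextcloud Server"`. Any consumer that groups or matches on the exact product string will treat this 2FA-expiry issue as belonging to a different product and leave it out of a per-product vulnerability list. The line should read `"product_name": "Nextcloud Server",`.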
@@ -0,0 +1,72 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15613",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "17.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation (CWE-20)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/697959",
+ "url": "https://hackerone.com/reports/697959"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-002"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0220",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15614.json b/2019/15xxx/CVE-2019-15614.json
new file mode 100644
index 00000000000..d4cecfb7a16
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15614.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15614",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud iOS App",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.25.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/575562",
+ "url": "https://hackerone.com/reports/575562"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-003",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-003"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15615.json b/2019/15xxx/CVE-2019-15615.json
new file mode 100644
index 00000000000..2193e688f54
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15615.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15615",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.9.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control - Generic (CWE-284)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/747726",
+ "url": "https://hackerone.com/reports/747726"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-004",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-004"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15616.json b/2019/15xxx/CVE-2019-15616.json
new file mode 100644
index 00000000000..95e2e552211
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15616.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15616",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "17.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CRLF Injection (CWE-93)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/592864",
+ "url": "https://hackerone.com/reports/592864"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-005",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-005"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15617.json b/2019/15xxx/CVE-2019-15617.json
new file mode 100644
index 00000000000..43d1be8c794
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15617.json
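Review bot: The `problemtype` of CVE-2019-15616 is `"CRLF Injection (CWE-93)"`, but the description talks about dangling remote share attempts and DNS pollution and never mentions header or line-break injection, so the weakness class and the narrative do not obviously describe the same flaw. Anyone triaging by CWE would route this to input-neutralisation review and miss the share-handling behaviour the text points at. The description also says "Nextcloud 16" while `version_value` is `"17.0.0"`, with nothing stating whether that is the fixed or an affected release. Both points should be checked against NC-SA-2020-005 before this record is relied on.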
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15617",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "17.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication - Generic (CWE-287)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/722748",
+ "url": "https://hackerone.com/reports/722748"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-006",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-006"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15618.json b/2019/15xxx/CVE-2019-15618.json
new file mode 100644
index 00000000000..1ae40f7d47e
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15618.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15618",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/515484",
+ "url": "https://hackerone.com/reports/515484"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-007",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-007"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15619.json b/2019/15xxx/CVE-2019-15619.json
new file mode 100644
index 00000000000..ae57304f64e
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15619.json
@@ -0,0 +1,77 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15619",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/662204",
+ "url": "https://hackerone.com/reports/662204"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-008",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-008"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-009",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-009"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-010",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-010"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15620.json b/2019/15xxx/CVE-2019-15620.json
new file mode 100644
index 00000000000..b08527e5f32
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15620.json
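Review bot: `product_data` in CVE-2019-15619 lists only Nextcloud Server (`"16.0.4"`), although the description names three affected components (Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5) and the record links three separate advisories. An inventory check keyed on the structured product list would never raise this stored XSS for a Talk or Deck installation. Two more `product_data` entries, one for `"Nextcloud Talk"` and one for `"Nextcloud Deck"`, each with its own `version_data`, would bring the structured data in line with the text.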
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15620",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Talk",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication - Generic (CWE-287)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/662218",
+ "url": "https://hackerone.com/reports/662218"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-011",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-011"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15621.json b/2019/15xxx/CVE-2019-15621.json
new file mode 100644
index 00000000000..60b0a27aaf6
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15621.json
@@ -0,0 +1,72 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15621",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/619484",
+ "url": "https://hackerone.com/reports/619484"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-012"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0220",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15622.json b/2019/15xxx/CVE-2019-15622.json
new file mode 100644
index 00000000000..1c7ad370e49
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15622.json
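Review bot: The `problemtype` value `Privilege Escalation (CAPEC-233)` in CVE-2019-15621 cites an attack-pattern identifier rather than a weakness, so tooling that groups records by CWE has nothing to key on. The description reads as improper preservation of permissions, which looks like CWE-281; if the vendor agrees, use `"value": "Improper Preservation of Permissions (CWE-281)"`. CVE-2019-15624 carries the same CAPEC-233 value while its description names improper input validation, presumably CWE-20.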
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15622",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.6.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection (CWE-89)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/518669",
+ "url": "https://hackerone.com/reports/518669"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-011",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-011"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15623.json b/2019/15xxx/CVE-2019-15623.json
new file mode 100644
index 00000000000..59f7aacc31f
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15623.json
@@ -0,0 +1,72 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15623",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privacy Violation (CWE-359)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/508490",
+ "url": "https://hackerone.com/reports/508490"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-016",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-016"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0220",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15624.json b/2019/15xxx/CVE-2019-15624.json
new file mode 100644
index 00000000000..623a7798e48
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15624.json
@@ -0,0 +1,72 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15624",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/508493",
+ "url": "https://hackerone.com/reports/508493"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0220",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15711.json b/2019/15xxx/CVE-2019-15711.json
new file mode 100644
index 00000000000..b75ce04be49
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15711.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15711",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClientLinux",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiClientLinux 6.2.1 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-238",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-238"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://danishcyberdefence.dk/blog/forticlient_linux",
+ "url": "https://danishcyberdefence.dk/blog/forticlient_linux"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted \"ExportLogs\" type IPC client requests to the fctsched process."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15975.json b/2019/15xxx/CVE-2019-15975.json
index 26c809edf96..08bd603d99c 100644
--- a/2019/15xxx/CVE-2019-15975.json
+++ b/2019/15xxx/CVE-2019-15975.json
@@ -72,6 +72,11 @@
 "name": "20200102 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities",
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156238/Cisco-Data-Center-Network-Manager-11.2-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156238/Cisco-Data-Center-Network-Manager-11.2-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15976.json b/2019/15xxx/CVE-2019-15976.json
index 4b0a691bc1b..cd0bb06680f 100644
--- a/2019/15xxx/CVE-2019-15976.json
+++ b/2019/15xxx/CVE-2019-15976.json
@@ -72,6 +72,11 @@
 "name": "20200102 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities",
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15977.json b/2019/15xxx/CVE-2019-15977.json
index ea998806899..299d49aa15b 100644
--- a/2019/15xxx/CVE-2019-15977.json
+++ b/2019/15xxx/CVE-2019-15977.json
@@ -72,6 +72,11 @@
 "name": "20200102 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities",
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15978.json b/2019/15xxx/CVE-2019-15978.json
index c88ebeb7246..cc7f6d4283f 100644
--- a/2019/15xxx/CVE-2019-15978.json
+++ b/2019/15xxx/CVE-2019-15978.json
@@ -72,6 +72,11 @@
 "name": "20200102 Cisco Data Center Network Manager Command Injection Vulnerabilities",
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15984.json b/2019/15xxx/CVE-2019-15984.json
index 27b9698d139..bfa6517cd5a 100644
--- a/2019/15xxx/CVE-2019-15984.json
+++ b/2019/15xxx/CVE-2019-15984.json
@@ -72,6 +72,11 @@
 "name": "20200102 Cisco Data Center Network Manager SQL Injection Vulnerabilities",
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16152.json b/2019/16xxx/CVE-2019-16152.json
new file mode 100644
index 00000000000..016eefe3e91
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16152.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16152",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClientLinux",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiClientLinux 6.2.1 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-238",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-238"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://danishcyberdefence.dk/blog/forticlient_linux",
+ "url": "https://danishcyberdefence.dk/blog/forticlient_linux"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16155.json b/2019/16xxx/CVE-2019-16155.json
new file mode 100644
index 00000000000..13c32730aa7
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16155.json
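Review bot: The `problemtype` value `Escalation of privilege` in CVE-2019-16152 contradicts its description, which describes a denial of service (crashing FortiClient processes that run as root) and no privilege gain. It looks carried over from the sibling records CVE-2019-15711 and CVE-2019-16155, which cite the same FG-IR-19-238 advisory. Change it to `"value": "Denial of service"` so that impact-based triage does not overrate this entry.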
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16155",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClientLinux",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiClientLinux 6.2.1 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-238",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-238"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://danishcyberdefence.dk/blog/forticlient_linux",
+ "url": "https://danishcyberdefence.dk/blog/forticlient_linux"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16203.json b/2019/16xxx/CVE-2019-16203.json
new file mode 100644
index 00000000000..2f1565c5401
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16203.json
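Review bot: `version_value` in CVE-2019-16155 stops at `FortiClientLinux 6.2.1 and below`, but the second sentence of the description extends the GUI variant of the file overwrite to 6.2.2 and below, so 6.2.2 is affected according to the text and unaffected according to `affects`. A host on 6.2.2 would pass a check driven by the structured field. After confirming against FG-IR-19-238, widen the entry or add a second `version_data` item for the GUI path, e.g. `"version_value": "6.2.2 and below"`.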
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16203",
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Brocade",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Fabric OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16204.json b/2019/16xxx/CVE-2019-16204.json
new file mode 100644
index 00000000000..55bc5b68326
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16204.json
@@ -0,0 +1,68 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16204",
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Brocade",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Fabric OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Brocade Fabric OS Versions before v7.4.2f"
+ },
+ {
+ "version_value": "v8.2.2a"
+ },
+ {
+ "version_value": "v8.1.2j and v8.2.1d"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16253.json b/2019/16xxx/CVE-2019-16253.json
index a0b618e8f78..d1d060428f9 100644
--- a/2019/16xxx/CVE-2019-16253.json
+++ b/2019/16xxx/CVE-2019-16253.json
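Review bot: Splitting the version statement of CVE-2019-16204 into three `version_data` entries drops the `before` qualifier from the second and third, so `v8.2.2a` and `v8.1.2j and v8.2.1d` read as affected versions, whereas the description lists them as upper bounds ("before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d"). A scanner consuming the structured field would mark those builds vulnerable and could miss the earlier ones. Keep it as one entry, `"version_value": "before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d"`, or use one entry per branch with `"version_affected": "<"`.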
@@ -56,6 +56,16 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/154614/Samsung-Mobile-Android-SamsungTTS-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/154614/Samsung-Mobile-Android-SamsungTTS-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/flankerhqd/vendor-android-cves/tree/master/SMT-CVE-2019-16253",
+ "url": "https://github.com/flankerhqd/vendor-android-cves/tree/master/SMT-CVE-2019-16253"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.flanker017.me/text-to-speech-speaks-pwned/",
+ "url": "https://blog.flanker017.me/text-to-speech-speaks-pwned/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16276.json b/2019/16xxx/CVE-2019-16276.json
index a61c58b92c4..655c32220be 100644
--- a/2019/16xxx/CVE-2019-16276.json
+++ b/2019/16xxx/CVE-2019-16276.json
@@ -96,6 +96,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0101",
 "url": "https://access.redhat.com/errata/RHSA-2020:0101"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0329",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0329"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json
index f15fb3ed7a4..e0b1b9d93c9 100644
--- a/2019/16xxx/CVE-2019-16335.json
+++ b/2019/16xxx/CVE-2019-16335.json
@@ -176,6 +176,11 @@
 "refsource": "MLIST",
 "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
 "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0445",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0445"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16336.json b/2019/16xxx/CVE-2019-16336.json
new file mode 100644
index 00000000000..b3a5cc05a30
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16336.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16336",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.cypress.com/thread/48573",
+ "refsource": "MISC",
+ "name": "https://community.cypress.com/thread/48573"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=Iw8sIBLWE_w",
+ "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16770.json b/2019/16xxx/CVE-2019-16770.json
index 923c4ab5c1a..65a38992041 100644
--- a/2019/16xxx/CVE-2019-16770.json
+++ b/2019/16xxx/CVE-2019-16770.json
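Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a` in CVE-2019-16336 although the description names the Cypress PSoC 4 BLE component 3.61 and earlier, so the record can only be found by free-text search. Owners of embedded BLE devices usually match on vendor and SDK version, and this entry gives them nothing structured to match. Fill `affects` from the description, e.g. `"vendor_name": "Cypress"`, `"product_name": "PSoC 4 BLE component"`, `"version_value": "3.61 and earlier"`. The new records for CVE-2019-17060 (NXP KW41Z) and CVE-2019-17061 (Cypress PSoC 4) have the same gap.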
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Puma before version 4.3.2, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough."
+ "value": "In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2."
 }
 ]
 },
@@ -88,4 +88,4 @@
 "value": "Reverse proxies in front of Puma could be configured to always allow less than X keepalive connections to a Puma cluster or process, where X is the number of threads configured in Puma's thread pool."
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16782.json b/2019/16xxx/CVE-2019-16782.json
index 15b5c03f102..b3ff79fe997 100644
--- a/2019/16xxx/CVE-2019-16782.json
+++ b/2019/16xxx/CVE-2019-16782.json
@@ -98,6 +98,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-57fc0d0156",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0214",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json
index 4fd51f81557..5b276abca87 100644
--- a/2019/16xxx/CVE-2019-16869.json
+++ b/2019/16xxx/CVE-2019-16869.json
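Review bot: The phrase `before versions 3.12.2 and 4.3.1` in the rewritten CVE-2019-16770 description (first hunk) is ambiguous, because read literally a 4.x release below 4.3.1 is not "before 3.12.2", yet the closing sentence implies it is affected. Readers deciding whether to upgrade need the range per release line. State it as `In Puma 3.x before 3.12.2 and 4.x before 4.3.1, a poorly-behaved client ...`, which also makes the appended "patched in" sentence unnecessary.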
@@ -296,6 +296,11 @@
 "refsource": "MLIST",
 "name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
 "url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0445",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0445"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json
index d55caf1c105..9f5fd9ddd41 100644
--- a/2019/16xxx/CVE-2019-16942.json
+++ b/2019/16xxx/CVE-2019-16942.json
@@ -156,6 +156,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0161",
 "url": "https://access.redhat.com/errata/RHSA-2020:0161"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0445",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0445"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json
index 14bc54c2e7d..064edc5b6ae 100644
--- a/2019/16xxx/CVE-2019-16943.json
+++ b/2019/16xxx/CVE-2019-16943.json
@@ -151,6 +151,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0161",
 "url": "https://access.redhat.com/errata/RHSA-2020:0161"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0445",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0445"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17060.json b/2019/17xxx/CVE-2019-17060.json
new file mode 100644
index 00000000000..0dc975fb545
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17060.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17060",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.nxp.com/products/wireless/bluetooth-low-energy:BLUETOOTH-LOW-ENERGY-BLE",
+ "refsource": "MISC",
+ "name": "https://www.nxp.com/products/wireless/bluetooth-low-energy:BLUETOOTH-LOW-ENERGY-BLE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17061.json b/2019/17xxx/CVE-2019-17061.json
new file mode 100644
index 00000000000..978d95ddd52
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17061.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17061",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cypress.com/products/ble-bluetooth",
+ "refsource": "MISC",
+ "name": "https://www.cypress.com/products/ble-bluetooth"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17133.json b/2019/17xxx/CVE-2019-17133.json
index 2c521d7eb16..82aed96e11c 100644
--- a/2019/17xxx/CVE-2019-17133.json
+++ b/2019/17xxx/CVE-2019-17133.json
@@ -116,6 +116,16 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0174",
 "url": "https://access.redhat.com/errata/RHSA-2020:0174"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0374",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0374"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0375",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0375"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17135.json b/2019/17xxx/CVE-2019-17135.json
new file mode 100644
index 00000000000..b70829f062c
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17135.json
@@ -0,0 +1,69 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-17135",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.5.0.20723"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-860/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-860/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17136.json b/2019/17xxx/CVE-2019-17136.json
new file mode 100644
index 00000000000..3adbba410b8
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17136.json
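Review bot: The description of CVE-2019-17135 opens with `remote attackers` while `vectorString` scores the attack vector as local (`AV:L`), so the prose and the structured field give different triage signals. The vector agrees with the description's own "target must ... open a malicious file" sentence, so the opening wording is the likelier outlier. Wording such as `allows attackers to execute arbitrary code ... when a user opens a crafted DXF file` would agree with the vector. CVE-2019-17136 pairs the same wording with the same vector.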
@@ -0,0 +1,69 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-17136",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.5.0.20723"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8776."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-861/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-861/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17137.json b/2019/17xxx/CVE-2019-17137.json
new file mode 100644
index 00000000000..cee5f955987
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17137.json
@@ -0,0 +1,69 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-17137",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AC1200",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "R6220 Firmware version 1.1.0.86"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NETGEAR"
+ }
+ ]
+ }
+ },
+ "credit": "Michael Flanders of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-626: Null Byte Interaction Error (Poison Null Byte)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-866/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json
index ec98868381c..32bbb967779 100644
--- a/2019/17xxx/CVE-2019-17267.json
+++ b/2019/17xxx/CVE-2019-17267.json
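Review bot: The attack vector in `impact.cvss` of the CVE-2019-17137 record contradicts its description: the text says "network-adjacent attackers" but `vectorString` begins `CVSS:3.0/AV:N`, which scores the authentication bypass as reachable from any network. Whichever matches the ZDI-19-866 advisory should be kept; if adjacency is correct the vector would read `CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H`. The `affects` block also puts what looks like the model and firmware together in `version_value` (`R6220 Firmware version 1.1.0.86`) under `product_name` `AC1200`, which product-matching tools are unlikely to parse; a bare firmware number in `version_value` with the model in `product_name` would match more reliably.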
@@ -121,6 +121,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0161",
 "url": "https://access.redhat.com/errata/RHSA-2020:0161"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0445",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0445"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17268.json b/2019/17xxx/CVE-2019-17268.json
new file mode 100644
index 00000000000..d8de8acb742
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17268.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17268",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://diff.coditsu.io/diffs/09a05c37-1b34-49e1-ac94-d4dda40d1ad1#d2h-971595",
+ "refsource": "MISC",
+ "name": "https://diff.coditsu.io/diffs/09a05c37-1b34-49e1-ac94-d4dda40d1ad1#d2h-971595"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/beenhero/omniauth-weibo-oauth2/issues/36",
+ "url": "https://github.com/beenhero/omniauth-weibo-oauth2/issues/36"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17517.json b/2019/17xxx/CVE-2019-17517.json
new file mode 100644
index 00000000000..bef4158a3f6
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17517.json
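Review bot: The new CVE-2019-17268 record describes a backdoored release of a named gem, yet `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, so dependency scanners that match on the structured fields cannot flag the affected release. Filling them from the description (`"product_name": "omniauth-weibo-oauth2"`, `"version_value": "0.4.6"`) and giving a problem type such as `CWE-506: Embedded Malicious Code` would make the record usable by tooling. The description also leaves 0.5.0 unaddressed ("Versions through 0.4.5, and 0.5.1 and later, are unaffected"); if that version was ever published, its status should be stated explicitly.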
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17517",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dialog-semiconductor.com/products/connectivity/bluetooth-low-energy/smartbond-da14580-and-da14583",
+ "refsource": "MISC",
+ "name": "https://www.dialog-semiconductor.com/products/connectivity/bluetooth-low-energy/smartbond-da14580-and-da14583"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17518.json b/2019/17xxx/CVE-2019-17518.json
new file mode 100644
index 00000000000..5e243f12f7c
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17518.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17518",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dialog-semiconductor.com/ja/products/connectivity/bluetooth-low-energy/smartbond-da14680-and-da14681",
+ "refsource": "MISC",
+ "name": "https://www.dialog-semiconductor.com/ja/products/connectivity/bluetooth-low-energy/smartbond-da14680-and-da14681"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17519.json b/2019/17xxx/CVE-2019-17519.json
new file mode 100644
index 00000000000..293eb8bec62
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17519.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17519",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17520.json b/2019/17xxx/CVE-2019-17520.json
new file mode 100644
index 00000000000..5c27a0bb4b8
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17520.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17520",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.ti.com/tool/LAUNCHXL-CC2640R2",
+ "refsource": "MISC",
+ "name": "http://www.ti.com/tool/LAUNCHXL-CC2640R2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=Iw8sIBLWE_w",
+ "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json
index 98a50cdc070..fcbfeabb03f 100644
--- a/2019/17xxx/CVE-2019-17531.json
+++ b/2019/17xxx/CVE-2019-17531.json
@@ -111,6 +111,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0161",
 "url": "https://access.redhat.com/errata/RHSA-2020:0161"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0445",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0445"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17558.json b/2019/17xxx/CVE-2019-17558.json
index 2ae3b40e833..a3219642203 100644
--- a/2019/17xxx/CVE-2019-17558.json
+++ b/2019/17xxx/CVE-2019-17558.json
@@ -103,6 +103,16 @@
 "refsource": "MLIST",
 "name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
 "url": "https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-dev] 20200213 Re: 7.7.3 bugfix release",
+ "url": "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-dev] 20200214 Re: 7.7.3 bugfix release",
+ "url": "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17563.json b/2019/17xxx/CVE-2019-17563.json
index 123e541e41f..45ec12d89eb 100644
--- a/2019/17xxx/CVE-2019-17563.json
+++ b/2019/17xxx/CVE-2019-17563.json
@@ -94,6 +94,21 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17570.json b/2019/17xxx/CVE-2019-17570.json
index d6b0e4e711c..455f66374b1 100644
--- a/2019/17xxx/CVE-2019-17570.json
+++ b/2019/17xxx/CVE-2019-17570.json
@@ -68,6 +68,16 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0310",
 "url": "https://access.redhat.com/errata/RHSA-2020:0310"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4619",
+ "url": "https://www.debian.org/security/2020/dsa-4619"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200210 [SECURITY] [DSA 4619-1] libxmlrpc3-java security update",
+ "url": "https://seclists.org/bugtraq/2020/Feb/8"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
index 47ba6936052..62235f94cfc 100644
--- a/2019/17xxx/CVE-2019-17571.json
+++ b/2019/17xxx/CVE-2019-17571.json
@@ -268,6 +268,11 @@
 "refsource": "MLIST",
 "name": "[zookeeper-user] 20200201 Re: Zookeeper 3.5.6 supports log4j 2.x?",
 "url": "https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e@%3Cuser.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571",
+ "url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3Cissues.activemq.apache.org%3E"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17585.json b/2019/17xxx/CVE-2019-17585.json
new file mode 100644
index 00000000000..a4709782685
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17585.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17585",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17586.json b/2019/17xxx/CVE-2019-17586.json
new file mode 100644
index 00000000000..a70f3786529
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17586.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17586",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17587.json b/2019/17xxx/CVE-2019-17587.json
new file mode 100644
index 00000000000..635b82c5219
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17587.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17587",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17588.json b/2019/17xxx/CVE-2019-17588.json
new file mode 100644
index 00000000000..7fe3b0ca7af
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17588.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17588",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17589.json b/2019/17xxx/CVE-2019-17589.json
new file mode 100644
index 00000000000..c10b0457475
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17589.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17589",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17596.json b/2019/17xxx/CVE-2019-17596.json
index 47b6a1a54a6..e3e2fcf482c 100644
--- a/2019/17xxx/CVE-2019-17596.json
+++ b/2019/17xxx/CVE-2019-17596.json
@@ -96,6 +96,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0101",
 "url": "https://access.redhat.com/errata/RHSA-2020:0101"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0329",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0329"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json
index 26e7b66fde6..06f0738cf6f 100644
--- a/2019/17xxx/CVE-2019-17626.json
+++ b/2019/17xxx/CVE-2019-17626.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-f3e0ba2f79",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0160",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17652.json b/2019/17xxx/CVE-2019-17652.json
new file mode 100644
index 00000000000..792906da833
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17652.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17652",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClientLinux",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiClientLinux 6.2.1 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-19-238",
+ "url": "https://fortiguard.com/psirt/FG-IR-19-238"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://danishcyberdefence.dk/blog/forticlient_linux",
+ "url": "https://danishcyberdefence.dk/blog/forticlient_linux"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted \"StartAvCustomScan\" type IPC client requests to the fctsched process due the argv data not been well sanitized."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17666.json b/2019/17xxx/CVE-2019-17666.json
index 8188644b1a7..4c9a2bf396a 100644
--- a/2019/17xxx/CVE-2019-17666.json
+++ b/2019/17xxx/CVE-2019-17666.json
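Review bot: In the CVE-2019-17652 record the `problemtype` value "Escalation of privilege" does not match the description, which only claims that a low-privileged user can crash FortiClient processes running as root, i.e. a denial of service. One of the two should be corrected against FG-IR-19-238, since the record has no `impact` block to settle the severity. The description sentence also contains errors that obscure the cause ("root priviledge crashes", "due the argv data not been well sanitized"); it would read better as `... to crash FortiClient processes running with root privileges ... because the argv data is not properly sanitized`.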
@@ -116,6 +116,16 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0328",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0328"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0339",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0339"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18193.json b/2019/18xxx/CVE-2019-18193.json
index 6b5dd386cbc..067cf1371c8 100644
--- a/2019/18xxx/CVE-2019-18193.json
+++ b/2019/18xxx/CVE-2019-18193.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material may be inadvertently logged if certain diagnostics are enabled."
+ "value": "In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18197.json b/2019/18xxx/CVE-2019-18197.json
index 21defb28346..707f85fac19 100644
--- a/2019/18xxx/CVE-2019-18197.json
+++ b/2019/18xxx/CVE-2019-18197.json
@@ -91,6 +91,21 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
 "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0189",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
 }
 ]
 }
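Review bot: The rewritten description in the CVE-2019-18193 hunk is garbled: "key material inadvertently logged" has lost its verb and "Fixed included in Fixed included in" is duplicated. It also replaces the specific condition "if certain diagnostics are enabled" with "under certain conditions", so an operator can no longer tell which setting to check or which logs may hold key material; unless the diagnostics condition turned out to be inaccurate, it should be kept. Suggested wording: `... key material may be inadvertently logged if certain diagnostics are enabled. Fixes are included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0.`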
diff --git a/2019/18xxx/CVE-2019-18210.json b/2019/18xxx/CVE-2019-18210.json
new file mode 100644
index 00000000000..ac761ab2725
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18210.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18210",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. NOTE: the discoverer and vendor disagree on whether Moodle customers have a reasonable expectation that anyone authenticated as a Teacher can be trusted with the ability to add arbitrary JavaScript (this ability is not documented on Moodle's Teacher_role page). Because the vendor has this expectation, they have stated \"this report has been closed as a false positive, and not a bug.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a",
+ "url": "https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.moodle.org/38/en/Teacher_role",
+ "url": "https://docs.moodle.org/38/en/Teacher_role"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18217.json b/2019/18xxx/CVE-2019-18217.json
index 9e0cd5fdb91..60d2f9c015e 100644
--- a/2019/18xxx/CVE-2019-18217.json
+++ b/2019/18xxx/CVE-2019-18217.json
@@ -111,6 +111,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0031",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18282.json b/2019/18xxx/CVE-2019-18282.json
index 027cf57636c..63ada7346a1 100644
--- a/2019/18xxx/CVE-2019-18282.json
+++ b/2019/18xxx/CVE-2019-18282.json
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2",
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200204-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18567.json b/2019/18xxx/CVE-2019-18567.json
index e8c8308dbe0..4e8f0b771a4 100644
--- a/2019/18xxx/CVE-2019-18567.json
+++ b/2019/18xxx/CVE-2019-18567.json
@@ -51,7 +51,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. Versions prior to"
+ "value": "Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service."
 }
 ]
 },
@@ -88,15 +88,15 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://airbus-cybersecurity.blog",
- "refsource": "MISC",
- "url": "https://airbus-cybersecurity.blog"
- },
 {
 "name": "https://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released",
 "refsource": "CONFIRM",
 "url": "https://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released"
+ },
+ {
+ "name": "https://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567",
+ "refsource": "MISC",
+ "url": "https://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567"
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18634.json b/2019/18xxx/CVE-2019-18634.json
index ea5e3c079fb..7f65e6bb6e9 100644
--- a/2019/18xxx/CVE-2019-18634.json
+++ b/2019/18xxx/CVE-2019-18634.json
@@ -111,6 +111,46 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html",
 "url": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/05/2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/05/5"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4263-1",
+ "url": "https://usn.ubuntu.com/4263-1/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200210-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20200210-0001/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4263-2",
+ "url": "https://usn.ubuntu.com/4263-2/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0487",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0487"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0509",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0509"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18671.json b/2019/18xxx/CVE-2019-18671.json
index b6ac3fea51d..3da842370ab 100644
--- a/2019/18xxx/CVE-2019-18671.json
+++ b/2019/18xxx/CVE-2019-18671.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes on the stack via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."
+ "value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3",
 "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/",
+ "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18683.json b/2019/18xxx/CVE-2019-18683.json
index 3938e728334..823ab991883 100644
--- a/2019/18xxx/CVE-2019-18683.json
+++ b/2019/18xxx/CVE-2019-18683.json
@@ -96,6 +96,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4254-2",
 "url": "https://usn.ubuntu.com/4254-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18791.json b/2019/18xxx/CVE-2019-18791.json
new file mode 100644
index 00000000000..cab3ed214f4
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18791.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18791",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://support.lexmark.com/alerts/",
+ "refsource": "MISC",
+ "name": "http://support.lexmark.com/alerts/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&actp=LIST_RECENT&userlocale=EN_US&locale=en",
+ "url": "http://support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&actp=LIST_RECENT&userlocale=EN_US&locale=en"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18885.json b/2019/18xxx/CVE-2019-18885.json
index 1223cce4958..1d626fbf49d 100644
--- a/2019/18xxx/CVE-2019-18885.json
+++ b/2019/18xxx/CVE-2019-18885.json
@@ -86,6 +86,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html",
 "url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
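Review bot: The `affects` block of the new CVE-2019-18791 record leaves `vendor_name`, `product_name` and `version_value` as `n/a` although the description names Lexmark and the MS812, so consumers that match on the structured fields will not tie this record to the product. Filling in at least `"vendor_name": "Lexmark"` would fix the vendor match; the description gives no affected firmware version, so `version_value` would have to come from the vendor advisory. The same gap appears in the other records this commit publishes with an all-`n/a` `affects` block (CVE-2019-18988, CVE-2019-19192 to CVE-2019-19196, CVE-2019-19273, CVE-2019-19356, CVE-2019-19659 to CVE-2019-19661). In the description, `users web browser` should read `user's web browser`.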
diff --git a/2019/18xxx/CVE-2019-18915.json b/2019/18xxx/CVE-2019-18915.json
new file mode 100644
index 00000000000..215d334c90d
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18915.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18915",
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP System Event Utility",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to version 1.4.33"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execution of Arbitrary Code."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/c06559359",
+ "url": "https://support.hp.com/us-en/document/c06559359"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200214 CVE-2019-18915 HP System Event Utility / Privilege Escalation Vulnerability",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/8"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18978.json b/2019/18xxx/CVE-2019-18978.json
index 0fa3e97b403..ea3ffbc1d8c 100644
--- a/2019/18xxx/CVE-2019-18978.json
+++ b/2019/18xxx/CVE-2019-18978.json
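Review bot: `vendor_name` is `n/a` in the new CVE-2019-18915 record even though the assigner is `hp-security-alert@hp.com` and the product is `HP System Event Utility`; `"vendor_name": "HP"` would let vendor-keyed lookups find it. The `problemtype` value `Execution of Arbitrary Code.` also differs from the FULLDISC reference title, which calls the issue a privilege escalation. If the system service runs with elevated rights, as that title suggests, stating the resulting privilege level in the description would help triage.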
@@ -61,6 +61,11 @@
 "url": "https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4",
 "refsource": "MISC",
 "name": "https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200206 [SECURITY] [DLA 2096-1] ruby-rack-cors security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00004.html"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18988.json b/2019/18xxx/CVE-2019-18988.json
new file mode 100644
index 00000000000..fc918a0fd11
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18988.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18988",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?threadtype=label&labels=Security",
+ "refsource": "MISC",
+ "name": "https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?threadtype=label&labels=Security"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://whynotsecurity.com/blog/teamviewer/",
+ "url": "https://whynotsecurity.com/blog/teamviewer/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://twitter.com/Blurbdust/status/1224212682594770946?s=20",
+ "url": "https://twitter.com/Blurbdust/status/1224212682594770946?s=20"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.teamviewer.com/t5/Announcements/Specification-on-CVE-2019-18988/td-p/82264",
+ "url": "https://community.teamviewer.com/t5/Announcements/Specification-on-CVE-2019-18988/td-p/82264"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19050.json b/2019/19xxx/CVE-2019-19050.json
index 9d347457243..c0ade9a6da7 100644
--- a/2019/19xxx/CVE-2019-19050.json
+++ b/2019/19xxx/CVE-2019-19050.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19062.json b/2019/19xxx/CVE-2019-19062.json
index 2509329d559..58d478a6572 100644
--- a/2019/19xxx/CVE-2019-19062.json
+++ b/2019/19xxx/CVE-2019-19062.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4254-2",
 "url": "https://usn.ubuntu.com/4254-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
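Review bot: The description of CVE-2019-18988 spells the affected setting two ways, `OptionsPasswordAES` and later `OptionPasswordAES`; anyone searching registry exports or configuration backups for the value needs one exact name, so both occurrences should use the spelling the vendor announcement gives. `decrypt protect information` should read `decrypt protected information`, and the stray space in `v9.x , this` can go. The affected range is also hard to apply, because the first sentence says `through 14.7.1965` while a later one refers to `The latest version` without a number.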
diff --git a/2019/19xxx/CVE-2019-19071.json b/2019/19xxx/CVE-2019-19071.json
index 4a0dcdb2944..07783495991 100644
--- a/2019/19xxx/CVE-2019-19071.json
+++ b/2019/19xxx/CVE-2019-19071.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19077.json b/2019/19xxx/CVE-2019-19077.json
index e3794e5831f..93602670824 100644
--- a/2019/19xxx/CVE-2019-19077.json
+++ b/2019/19xxx/CVE-2019-19077.json
@@ -66,6 +66,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2675",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19078.json b/2019/19xxx/CVE-2019-19078.json
index 9589d11665a..1dc6d2cfc51 100644
--- a/2019/19xxx/CVE-2019-19078.json
+++ b/2019/19xxx/CVE-2019-19078.json
@@ -76,6 +76,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2675",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19079.json b/2019/19xxx/CVE-2019-19079.json
index 6525595c740..29c560b63a1 100644
--- a/2019/19xxx/CVE-2019-19079.json
+++ b/2019/19xxx/CVE-2019-19079.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19082.json b/2019/19xxx/CVE-2019-19082.json
index 812ce60a76f..b312ba47a00 100644
--- a/2019/19xxx/CVE-2019-19082.json
+++ b/2019/19xxx/CVE-2019-19082.json
@@ -66,6 +66,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2675",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19126.json b/2019/19xxx/CVE-2019-19126.json
index 377066117ab..13ec6b12d41 100644
--- a/2019/19xxx/CVE-2019-19126.json
+++ b/2019/19xxx/CVE-2019-19126.json
@@ -61,6 +61,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-1a3bdfde17",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-c32e4b271c",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19192.json b/2019/19xxx/CVE-2019-19192.json
index 907d75cd0b6..82bd3a80388 100644
--- a/2019/19xxx/CVE-2019-19192.json
+++ b/2019/19xxx/CVE-2019-19192.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19192",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19192",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19193.json b/2019/19xxx/CVE-2019-19193.json
index 8bea998b6f0..60fe03565e5 100644
--- a/2019/19xxx/CVE-2019-19193.json
+++ b/2019/19xxx/CVE-2019-19193.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19193",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19193",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.ti.com/tool/BLE-STACK",
+ "refsource": "MISC",
+ "name": "http://www.ti.com/tool/BLE-STACK"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19194.json b/2019/19xxx/CVE-2019-19194.json
index f1b7219eb3a..8140edbc144 100644
--- a/2019/19xxx/CVE-2019-19194.json
+++ b/2019/19xxx/CVE-2019-19194.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19194",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19194",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.telink-semi.com/ble",
+ "refsource": "MISC",
+ "name": "http://www.telink-semi.com/ble"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19195.json b/2019/19xxx/CVE-2019-19195.json
index c128698bae3..cee7ab6aeab 100644
--- a/2019/19xxx/CVE-2019-19195.json
+++ b/2019/19xxx/CVE-2019-19195.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19195",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19195",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.microchip.com/wwwproducts/en/ATSAMB11",
+ "refsource": "MISC",
+ "name": "https://www.microchip.com/wwwproducts/en/ATSAMB11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19196.json b/2019/19xxx/CVE-2019-19196.json
index 3f1816d77f2..3d35ab2eaff 100644
--- a/2019/19xxx/CVE-2019-19196.json
+++ b/2019/19xxx/CVE-2019-19196.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19196",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19196",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.telink-semi.com/ble",
+ "refsource": "MISC",
+ "name": "http://www.telink-semi.com/ble"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://asset-group.github.io/disclosures/sweyntooth/",
+ "url": "https://asset-group.github.io/disclosures/sweyntooth/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19227.json b/2019/19xxx/CVE-2019-19227.json
index 7e73e85890f..432a1276c91 100644
--- a/2019/19xxx/CVE-2019-19227.json
+++ b/2019/19xxx/CVE-2019-19227.json
@@ -96,6 +96,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4254-2",
 "url": "https://usn.ubuntu.com/4254-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19232.json b/2019/19xxx/CVE-2019-19232.json
index 654a4effe54..75a70796bcb 100644
--- a/2019/19xxx/CVE-2019-19232.json
+++ b/2019/19xxx/CVE-2019-19232.json
@@ -101,6 +101,11 @@
 "refsource": "CONFIRM",
 "name": "https://access.redhat.com/security/cve/cve-2019-19232",
 "url": "https://access.redhat.com/security/cve/cve-2019-19232"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs76870",
+ "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs76870"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19252.json b/2019/19xxx/CVE-2019-19252.json
index 6cb236b118f..a1e4b065529 100644
--- a/2019/19xxx/CVE-2019-19252.json
+++ b/2019/19xxx/CVE-2019-19252.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19273.json b/2019/19xxx/CVE-2019-19273.json
index e286a48efd2..aedc326e7c2 100644
--- a/2019/19xxx/CVE-2019-19273.json
+++ b/2019/19xxx/CVE-2019-19273.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19273",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19273",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19332.json b/2019/19xxx/CVE-2019-19332.json
index 34c0567d9c7..68741d55387 100644
--- a/2019/19xxx/CVE-2019-19332.json
+++ b/2019/19xxx/CVE-2019-19332.json
@@ -78,6 +78,16 @@
 "refsource": "UBUNTU",
 "name": "USN-4254-2",
 "url": "https://usn.ubuntu.com/4254-2/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200204-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json
index 31ce214be0f..77aa18b1390 100644
--- a/2019/19xxx/CVE-2019-19344.json
+++ b/2019/19xxx/CVE-2019-19344.json
@@ -84,6 +84,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-6bd386c7eb",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-f92cd0e72b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19356.json b/2019/19xxx/CVE-2019-19356.json
index 5182bcf25f8..41009d69066 100644
--- a/2019/19xxx/CVE-2019-19356.json
+++ b/2019/19xxx/CVE-2019-19356.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19356",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19356",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356",
+ "url": "https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/shadowgatt/CVE-2019-19356",
+ "url": "https://github.com/shadowgatt/CVE-2019-19356"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19363.json b/2019/19xxx/CVE-2019-19363.json
index 0307de6786b..57d772d38d7 100644
--- a/2019/19xxx/CVE-2019-19363.json
+++ b/2019/19xxx/CVE-2019-19363.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19547.json b/2019/19xxx/CVE-2019-19547.json
index 33677bf1ae5..25b010e1239 100644
--- a/2019/19xxx/CVE-2019-19547.json
+++ b/2019/19xxx/CVE-2019-19547.json
@@ -48,6 +48,16 @@
 "refsource": "CONFIRM",
 "name": "https://support.symantec.com/us/en/article.SYMSA1502.html",
 "url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4a3ff78ba5",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-acd8cdb08d",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19590.json b/2019/19xxx/CVE-2019-19590.json
index 85595c66aa8..d3cac865966 100644
--- a/2019/19xxx/CVE-2019-19590.json
+++ b/2019/19xxx/CVE-2019-19590.json
@@ -56,6 +56,16 @@
 "url": "https://github.com/radareorg/radare2/issues/15543",
 "refsource": "MISC",
 "name": "https://github.com/radareorg/radare2/issues/15543"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4a3ff78ba5",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-acd8cdb08d",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19601.json b/2019/19xxx/CVE-2019-19601.json
index 64a6d9c305e..e3a4450716e 100644
--- a/2019/19xxx/CVE-2019-19601.json
+++ b/2019/19xxx/CVE-2019-19601.json
@@ -56,6 +56,16 @@
 "url": "https://github.com/pkubowicz/opendetex/issues/60",
 "refsource": "MISC",
 "name": "https://github.com/pkubowicz/opendetex/issues/60"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-bb5c663b83",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JF3RU3VMLP5SS4MXAEKQKAGTSPN3KMHJ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-fa1956e637",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFIIVMCMPMORLPJBOULTPGJUH626DHFU/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19647.json b/2019/19xxx/CVE-2019-19647.json
index 4019a827a33..a04f91c3dc5 100644
--- a/2019/19xxx/CVE-2019-19647.json
+++ b/2019/19xxx/CVE-2019-19647.json
@@ -56,6 +56,16 @@
 "url": "https://github.com/radareorg/radare2/issues/15545",
 "refsource": "MISC",
 "name": "https://github.com/radareorg/radare2/issues/15545"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-4a3ff78ba5",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-acd8cdb08d",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19659.json b/2019/19xxx/CVE-2019-19659.json
index 27003e88ce2..dbc8def448c 100644
--- a/2019/19xxx/CVE-2019-19659.json
+++ b/2019/19xxx/CVE-2019-19659.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19659",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19659",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19659.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19659.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19660.json b/2019/19xxx/CVE-2019-19660.json
index cf2fcd5838b..395e743109d 100644
--- a/2019/19xxx/CVE-2019-19660.json
+++ b/2019/19xxx/CVE-2019-19660.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19660",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19660",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://raw.githubusercontent.com/harshit-shukla/CVE/master/CVE-2019-19660.md",
+ "url": "https://raw.githubusercontent.com/harshit-shukla/CVE/master/CVE-2019-19660.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19661.json b/2019/19xxx/CVE-2019-19661.json
index 38b46051504..805b7370bfc 100644
--- a/2019/19xxx/CVE-2019-19661.json
+++ b/2019/19xxx/CVE-2019-19661.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19661",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19661",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19661%20(Un-authenticated).md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19661%20(Un-authenticated).md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19662.json b/2019/19xxx/CVE-2019-19662.json
index a3dd7b69420..0828d7111bd 100644
--- a/2019/19xxx/CVE-2019-19662.json
+++ b/2019/19xxx/CVE-2019-19662.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19662",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19662",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19662.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19662.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19663.json b/2019/19xxx/CVE-2019-19663.json
index b40e21f6f28..b03847e0cd5 100644
--- a/2019/19xxx/CVE-2019-19663.json
+++ b/2019/19xxx/CVE-2019-19663.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19663",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19663",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19663.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19663.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19664.json b/2019/19xxx/CVE-2019-19664.json
index 62085abce7c..d71d15e2360 100644
--- a/2019/19xxx/CVE-2019-19664.json
+++ b/2019/19xxx/CVE-2019-19664.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19664",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19664",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19664.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19664.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19665.json b/2019/19xxx/CVE-2019-19665.json
index 035ab8bfd09..e384f60f1f5 100644
--- a/2019/19xxx/CVE-2019-19665.json
+++ b/2019/19xxx/CVE-2019-19665.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19665",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19665",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19665.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19665.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19666.json b/2019/19xxx/CVE-2019-19666.json
index 36da598b0e2..281f9839fb9 100644
--- a/2019/19xxx/CVE-2019-19666.json
+++ b/2019/19xxx/CVE-2019-19666.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19666",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19666",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19666.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19666.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19667.json b/2019/19xxx/CVE-2019-19667.json
index 89941b8aa28..49950bdcba9 100644
--- a/2019/19xxx/CVE-2019-19667.json
+++ b/2019/19xxx/CVE-2019-19667.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19667",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19667",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19667.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19667.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19668.json b/2019/19xxx/CVE-2019-19668.json
index 4e679d2b8d9..2e9bf8819a7 100644
--- a/2019/19xxx/CVE-2019-19668.json
+++ b/2019/19xxx/CVE-2019-19668.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19668",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19668",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19668.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19668.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19669.json b/2019/19xxx/CVE-2019-19669.json
index 5d0ef63c74f..ceada17e549 100644
--- a/2019/19xxx/CVE-2019-19669.json
+++ b/2019/19xxx/CVE-2019-19669.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19669",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19669",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19669.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19669.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19670.json b/2019/19xxx/CVE-2019-19670.json
index fccfad81c96..d0e2e394ae9 100644
--- a/2019/19xxx/CVE-2019-19670.json
+++ b/2019/19xxx/CVE-2019-19670.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19670",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19670",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE",
+ "url": "https://github.com/harshit-shukla/CVE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19670.md",
+ "url": "https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19670.md"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19757.json b/2019/19xxx/CVE-2019-19757.json
index f1f9c2ba932..714bdeef315 100644
--- a/2019/19xxx/CVE-2019-19757.json
+++ b/2019/19xxx/CVE-2019-19757.json
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@lenovo.com",
+ "DATE_PUBLIC": "2020-02-14T17:00:00.000Z",
 "ID": "CVE-2019-19757",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "XClarity Administrator (LXCA)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.6.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Lenovo"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-29477",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-29477"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update your LXCA installation to version 2.6.6 or later. Installation note: You will need to update to LXCA 2.6.0 before installing the latest fix bundle (v 2.6.6)."
+ }
+ ],
+ "source": {
+ "advisory": "LEN-29477",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19758.json b/2019/19xxx/CVE-2019-19758.json
index 5f948d51b7a..fef836aa18d 100644
--- a/2019/19xxx/CVE-2019-19758.json
+++ b/2019/19xxx/CVE-2019-19758.json
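Review bot: `"discovery": "UNKNOWN"` in the added `source` block contradicts the description on the same record, which says the issue was found by an internal product security audit; assuming the usual Vulnogram values apply, `"discovery": "INTERNAL"` would match. The hunk for CVE-2019-19758 has the same mismatch: its `credit` entry thanks an outside reporter while `source.discovery` is `"UNKNOWN"`, where `"discovery": "EXTERNAL"` fits. Both files also end without a trailing newline (`\ No newline at end of file`), which is worth fixing while the records are being touched.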
@@ -1,18 +1,110 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@lenovo.com",
+ "DATE_PUBLIC": "2020-02-14T17:00:00.000Z",
 "ID": "CVE-2019-19758",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EZ Media & Backup Center ix2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "4.1.406.34763"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "EZ Media & Backup Center ix2-dl",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "4.1.406.34763"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Lenovo"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Lenovo thanks Mostafa Noureldin for reporting this issue."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-30242",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-30242"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Lenovo has ended support for Lenovo EZ Media & Backup Center, ix2 & ix2-dl as of March 31, 2019, therefore Lenovo recommends discontinuation of use. If it is not feasible to discontinue use, Lenovo recommends using the device only on trusted networks and clicking on device URLs only from trustworthy sources."
+ }
+ ],
+ "source": {
+ "advisory": "LEN-30242",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19762.json b/2019/19xxx/CVE-2019-19762.json
index 64a1f8c7c95..d2942481aa5 100644
--- a/2019/19xxx/CVE-2019-19762.json
+++ b/2019/19xxx/CVE-2019-19762.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-19762",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Unused CVE for 2019."
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19763.json b/2019/19xxx/CVE-2019-19763.json
index 445e75c19c7..546a822ac59 100644
--- a/2019/19xxx/CVE-2019-19763.json
+++ b/2019/19xxx/CVE-2019-19763.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-19763",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Unused CVE for 2019."
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19764.json b/2019/19xxx/CVE-2019-19764.json
index 300a42f0346..93c1c801ec2 100644
--- a/2019/19xxx/CVE-2019-19764.json
+++ b/2019/19xxx/CVE-2019-19764.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-19764",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Unused CVE for 2019."
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19765.json b/2019/19xxx/CVE-2019-19765.json
index 93e00820f93..365e37aebdf 100644
--- a/2019/19xxx/CVE-2019-19765.json
+++ b/2019/19xxx/CVE-2019-19765.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-19765",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Unused CVE for 2019."
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19767.json b/2019/19xxx/CVE-2019-19767.json
index a4e723eed0d..e198106c1dd 100644
--- a/2019/19xxx/CVE-2019-19767.json
+++ b/2019/19xxx/CVE-2019-19767.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4258-1",
+ "url": "https://usn.ubuntu.com/4258-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19793.json b/2019/19xxx/CVE-2019-19793.json
index c5e6ec16804..727e6c70ae1 100644
--- a/2019/19xxx/CVE-2019-19793.json
+++ b/2019/19xxx/CVE-2019-19793.json
@@ -56,6 +56,11 @@
 "url": "https://www.cyxtera.com/pdfs/appgate-sa-2019-07-0001.pdf",
 "refsource": "MISC",
 "name": "https://www.cyxtera.com/pdfs/appgate-sa-2019-07-0001.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://danishcyberdefence.dk/blog/appgate_part1",
+ "url": "https://danishcyberdefence.dk/blog/appgate_part1"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19800.json b/2019/19xxx/CVE-2019-19800.json
index a6dab43833c..f1b28eefbc5 100644
--- a/2019/19xxx/CVE-2019-19800.json
+++ b/2019/19xxx/CVE-2019-19800.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19800",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19800",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/eLeN3Re/CVE-2019-19800/",
+ "url": "https://gitlab.com/eLeN3Re/CVE-2019-19800/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com/products/applications_manager/release-notes.html",
+ "url": "https://www.manageengine.com/products/applications_manager/release-notes.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19879.json b/2019/19xxx/CVE-2019-19879.json
index 7b9268cda7d..b8cdaa044cc 100644
--- a/2019/19xxx/CVE-2019-19879.json
+++ b/2019/19xxx/CVE-2019-19879.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19879",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19879",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://discuss.hashicorp.com/t/security-bulletin-sentinel-incorrectly-parses-negation-in-certain-policy-expressions/5955",
+ "url": "https://discuss.hashicorp.com/t/security-bulletin-sentinel-incorrectly-parses-negation-in-certain-policy-expressions/5955"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19880.json b/2019/19xxx/CVE-2019-19880.json
index 59da44dc070..610b6de1740 100644
--- a/2019/19xxx/CVE-2019-19880.json
+++ b/2019/19xxx/CVE-2019-19880.json
@@ -61,6 +61,21 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200114-0001/", "url": "https://security.netapp.com/advisory/ntap-20200114-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0189", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ] } diff --git a/2019/19xxx/CVE-2019-19921.json b/2019/19xxx/CVE-2019-19921.json index da9e8e3cb89..1d6e27e7891 100644 --- a/2019/19xxx/CVE-2019-19921.json +++ b/2019/19xxx/CVE-2019-19921.json 
@@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19921", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. 
(This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/opencontainers/runc/releases", + "refsource": "MISC", + "name": "https://github.com/opencontainers/runc/releases" + }, + { + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2019-19921", + "url": "https://security-tracker.debian.org/tracker/CVE-2019-19921" + }, + { + "refsource": "MISC", + "name": "https://github.com/opencontainers/runc/issues/2197", + "url": "https://github.com/opencontainers/runc/issues/2197" + }, + { + "refsource": "MISC", + "name": "https://github.com/opencontainers/runc/pull/2190", + "url": "https://github.com/opencontainers/runc/pull/2190" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0219", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html" } ] } diff --git a/2019/19xxx/CVE-2019-19922.json b/2019/19xxx/CVE-2019-19922.json index 1622e47f9c2..6daf82d954d 100644 --- a/2019/19xxx/CVE-2019-19922.json +++ b/2019/19xxx/CVE-2019-19922.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2019/19xxx/CVE-2019-19923.json b/2019/19xxx/CVE-2019-19923.json index 0ca309d796c..706bf70cb76 100644 --- a/2019/19xxx/CVE-2019-19923.json +++ b/2019/19xxx/CVE-2019-19923.json 
@@ -61,6 +61,21 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0189", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ] } diff --git a/2019/19xxx/CVE-2019-19925.json b/2019/19xxx/CVE-2019-19925.json index 01520c80474..d1f19d6838b 100644 --- a/2019/19xxx/CVE-2019-19925.json +++ b/2019/19xxx/CVE-2019-19925.json @@ -61,6 +61,21 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0189", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ] } diff --git a/2019/19xxx/CVE-2019-19926.json b/2019/19xxx/CVE-2019-19926.json index 84f60255c57..6b26e08445e 100644 --- a/2019/19xxx/CVE-2019-19926.json +++ b/2019/19xxx/CVE-2019-19926.json 
@@ -61,6 +61,21 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0189", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ] } diff --git a/2019/19xxx/CVE-2019-19927.json b/2019/19xxx/CVE-2019-19927.json index c84429df6ad..90a9501b409 100644 --- a/2019/19xxx/CVE-2019-19927.json +++ b/2019/19xxx/CVE-2019-19927.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428", "url": "https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2019/19xxx/CVE-2019-19947.json b/2019/19xxx/CVE-2019-19947.json index ffcaaf51d77..f822b318e38 100644 --- a/2019/19xxx/CVE-2019-19947.json +++ b/2019/19xxx/CVE-2019-19947.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2019/19xxx/CVE-2019-19948.json b/2019/19xxx/CVE-2019-19948.json index 379f092327b..b566d55f853 100644 --- a/2019/19xxx/CVE-2019-19948.json +++ b/2019/19xxx/CVE-2019-19948.json 
@@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2049-1] imagemagick security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0170", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html" } ] } diff --git a/2019/19xxx/CVE-2019-19949.json b/2019/19xxx/CVE-2019-19949.json index 56c5a755377..8f52edcde53 100644 --- a/2019/19xxx/CVE-2019-19949.json +++ b/2019/19xxx/CVE-2019-19949.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2049-1] imagemagick security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0170", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html" } ] } diff --git a/2019/19xxx/CVE-2019-19959.json b/2019/19xxx/CVE-2019-19959.json index da10f98742b..eb2deb61736 100644 --- a/2019/19xxx/CVE-2019-19959.json +++ b/2019/19xxx/CVE-2019-19959.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec", "url": "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0001/" } ] } diff --git a/2019/19xxx/CVE-2019-19965.json b/2019/19xxx/CVE-2019-19965.json index 63402dc786f..bf9355f5ba6 100644 --- a/2019/19xxx/CVE-2019-19965.json +++ b/2019/19xxx/CVE-2019-19965.json 
@@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2019/19xxx/CVE-2019-19966.json b/2019/19xxx/CVE-2019-19966.json index 050a18239f5..ecbbbeb15b8 100644 --- a/2019/19xxx/CVE-2019-19966.json +++ b/2019/19xxx/CVE-2019-19966.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2019/19xxx/CVE-2019-19968.json b/2019/19xxx/CVE-2019-19968.json index f8c1a812cdd..25bc9dd0386 100644 --- a/2019/19xxx/CVE-2019-19968.json +++ b/2019/19xxx/CVE-2019-19968.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19968", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19968", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pandorafms.com", + "refsource": "MISC", + "name": "https://pandorafms.com" + }, + { + "refsource": "MISC", + "name": "https://k4m1ll0.com/cve-2019-19968.html", + "url": "https://k4m1ll0.com/cve-2019-19968.html" } ] } diff --git a/2019/1xxx/CVE-2019-1125.json b/2019/1xxx/CVE-2019-1125.json index 37b94df5c2d..b7f2b9921c4 100644 --- a/2019/1xxx/CVE-2019-1125.json +++ b/2019/1xxx/CVE-2019-1125.json 
@@ -281,6 +281,11 @@ "refsource": "REDHAT", "name": "RHBA-2019:3248", "url": "https://access.redhat.com/errata/RHBA-2019:3248" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html" } ] } diff --git a/2019/1xxx/CVE-2019-1234.json b/2019/1xxx/CVE-2019-1234.json index 194ff693d0c..232bfe0e340 100644 --- a/2019/1xxx/CVE-2019-1234.json +++ b/2019/1xxx/CVE-2019-1234.json @@ -56,6 +56,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/", + "url": "https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/" } ] } diff --git a/2019/1xxx/CVE-2019-1348.json b/2019/1xxx/CVE-2019-1348.json index bfd4b4e9e56..6721fb0125d 100644 --- a/2019/1xxx/CVE-2019-1348.json +++ b/2019/1xxx/CVE-2019-1348.json @@ -44,6 +44,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210729", + "url": "https://support.apple.com/kb/HT210729" + }, { "refsource": "MISC", "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", diff --git a/2019/1xxx/CVE-2019-1372.json b/2019/1xxx/CVE-2019-1372.json index c1ad466e31d..cbf470c424f 100644 --- a/2019/1xxx/CVE-2019-1372.json +++ b/2019/1xxx/CVE-2019-1372.json 
@@ -56,6 +56,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372" + }, + { + "refsource": "MISC", + "name": "https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/", + "url": "https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/" } ] } diff --git a/2019/1xxx/CVE-2019-1566.json b/2019/1xxx/CVE-2019-1566.json index 9d13d874b49..ec69a467108 100644 --- a/2019/1xxx/CVE-2019-1566.json +++ b/2019/1xxx/CVE-2019-1566.json @@ -59,9 +59,14 @@ "url": "http://www.securityfocus.com/bid/106750" }, { - "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/140", + "name": "https://security.paloaltonetworks.com/CVE-2019-1566", "refsource": "CONFIRM", - "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/140" + "url": "https://security.paloaltonetworks.com/CVE-2019-1566" + }, + { + "name": "https://www.purplemet.com/blog/palo-alto-firewall-multiple-xss-vulnerabilities", + "refsource": "MISC", + "url": "https://www.purplemet.com/blog/palo-alto-firewall-multiple-xss-vulnerabilities" } ] } diff --git a/2019/20xxx/CVE-2019-20021.json b/2019/20xxx/CVE-2019-20021.json index e6329abdcd0..2f6d0dbe2c8 100644 --- a/2019/20xxx/CVE-2019-20021.json +++ b/2019/20xxx/CVE-2019-20021.json 
@@ -61,6 +61,21 @@ "refsource": "FEDORA", "name": "FEDORA-2020-20cf0743f5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D7XU42G6MUQQXHWRP7DCF2JSIBOJ5GOO/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0163", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0180", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-67590fbf08", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUTVSTXAFTD552NO2K2RIF6MDQEHP3BE/" } ] } diff --git a/2019/20xxx/CVE-2019-20045.json b/2019/20xxx/CVE-2019-20045.json index e09f4b32856..deb75837355 100644 --- a/2019/20xxx/CVE-2019-20045.json +++ b/2019/20xxx/CVE-2019-20045.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20045", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20045", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. Specially crafted malicious packets could cause disconnection of active authentic connections or reboot of device. This is a different issue than CVE-2019-16879 and CVE-2019-20046." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01" } ] } diff --git a/2019/20xxx/CVE-2019-20046.json b/2019/20xxx/CVE-2019-20046.json index c37ca32d114..cf9ea90a2ca 100644 --- a/2019/20xxx/CVE-2019-20046.json +++ b/2019/20xxx/CVE-2019-20046.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20046", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20046", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is a different issue than CVE-2019-16879 and CVE-2019-20045." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01" } ] } diff --git a/2019/20xxx/CVE-2019-20051.json b/2019/20xxx/CVE-2019-20051.json index 51f42b63d4b..788829949f9 100644 --- a/2019/20xxx/CVE-2019-20051.json +++ b/2019/20xxx/CVE-2019-20051.json 
@@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-20cf0743f5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D7XU42G6MUQQXHWRP7DCF2JSIBOJ5GOO/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-67590fbf08", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUTVSTXAFTD552NO2K2RIF6MDQEHP3BE/" } ] } diff --git a/2019/20xxx/CVE-2019-20053.json b/2019/20xxx/CVE-2019-20053.json index 41e74af2382..e48247d7b81 100644 --- a/2019/20xxx/CVE-2019-20053.json +++ b/2019/20xxx/CVE-2019-20053.json @@ -56,6 +56,16 @@ "url": "https://github.com/upx/upx/issues/314", "refsource": "MISC", "name": "https://github.com/upx/upx/issues/314" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0163", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0180", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html" } ] } diff --git a/2019/20xxx/CVE-2019-20054.json b/2019/20xxx/CVE-2019-20054.json index be97b763dc0..8ac2bd30f27 100644 --- a/2019/20xxx/CVE-2019-20054.json +++ b/2019/20xxx/CVE-2019-20054.json @@ -71,6 +71,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2019/20xxx/CVE-2019-20059.json b/2019/20xxx/CVE-2019-20059.json index cefd3486a08..110f7d21160 100644 --- a/2019/20xxx/CVE-2019-20059.json +++ b/2019/20xxx/CVE-2019-20059.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20059", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://yetishare.com/", + "refsource": "MISC", + "name": "https://yetishare.com/" + }, + { + "url": "https://mfscripts.com/", + "refsource": "MISC", + "name": "https://mfscripts.com/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad", + "url": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad" + }, + { + "refsource": "MISC", + "name": "https://github.com/jra89/CVE-2019-20059", + "url": "https://github.com/jra89/CVE-2019-20059" } ] } 
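Review bot: `problemtype` is published as `"value": "n/a"` for CVE-2019-20059, although the description itself classifies the flaw as SQL injection through the `sSortDir_0` parameter. Record the weakness class so the entry can be filtered and prioritised by type, for example `"value": "CWE-89 SQL Injection"`; the exact string format should follow whatever convention the assigner uses. The CVE-2019-19968 record in this diff has the same gap: its description states stored XSS, which would map to CWE-79, but its `problemtype` is `n/a`.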
diff --git a/2019/20xxx/CVE-2019-20060.json b/2019/20xxx/CVE-2019-20060.json index e442cc7d504..60baa8f7370 100644 --- a/2019/20xxx/CVE-2019-20060.json +++ b/2019/20xxx/CVE-2019-20060.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20060", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20060", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://yetishare.com/", + "refsource": "MISC", + "name": "https://yetishare.com/" + }, + { + "url": "https://mfscripts.com/", + "refsource": "MISC", + "name": "https://mfscripts.com/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad", + "url": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad" } ] } diff --git a/2019/20xxx/CVE-2019-20061.json b/2019/20xxx/CVE-2019-20061.json index e9785c00cee..a880bec6e3c 100644 
--- a/2019/20xxx/CVE-2019-20061.json +++ b/2019/20xxx/CVE-2019-20061.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20061", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20061", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://yetishare.com/", + "refsource": "MISC", + "name": "https://yetishare.com/" + }, + { + "url": "https://mfscripts.com/", + "refsource": "MISC", + "name": "https://mfscripts.com/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad", + "url": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad" } ] } diff --git a/2019/20xxx/CVE-2019-20062.json b/2019/20xxx/CVE-2019-20062.json index a48c57db766..a4eb8bf5822 100644 --- a/2019/20xxx/CVE-2019-20062.json +++ b/2019/20xxx/CVE-2019-20062.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20062", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20062", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://yetishare.com/", + "refsource": "MISC", + "name": "https://yetishare.com/" + }, + { + "url": "https://mfscripts.com/", + "refsource": "MISC", + "name": "https://mfscripts.com/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad", + "url": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad" } ] } diff --git a/2019/20xxx/CVE-2019-20095.json b/2019/20xxx/CVE-2019-20095.json index 36c42a099bc..b6c96ce954b 100644 --- a/2019/20xxx/CVE-2019-20095.json +++ b/2019/20xxx/CVE-2019-20095.json 
@@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2019/20xxx/CVE-2019-20098.json b/2019/20xxx/CVE-2019-20098.json index 391d087f793..fa368f0705c 100644 --- a/2019/20xxx/CVE-2019-20098.json +++ b/2019/20xxx/CVE-2019-20098.json 
@@ -1,17 +1,68 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-20098", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.7.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2020-05", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-05" + }, + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70605", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70605" } ] } diff --git a/2019/20xxx/CVE-2019-20099.json b/2019/20xxx/CVE-2019-20099.json index cce75b590ee..aed6b23247e 100644 
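Review bot: The `problemtype` value `"Cross Site Scripting (CSRF)"` in the CVE-2019-20098 record contradicts its description, which describes cross-site request forgery against `VerifySmtpServerConnection!add.jspa`. It should read `"value": "Cross-Site Request Forgery (CSRF)"`. The same string is used in the CVE-2019-20099 and CVE-2019-20100 records later in this diff. The label matters because consumers that classify by `problemtype` will file these as XSS and attach output-encoding guidance instead of request-origin and anti-CSRF token checks. Separately, `product_data` lists only "Jira Server" while the description says Jira Server and Data Center; if Data Center is affected it presumably needs its own `product_name` entry.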
--- a/2019/20xxx/CVE-2019-20099.json +++ b/2019/20xxx/CVE-2019-20099.json @@ -1,17 +1,68 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-20099", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.7.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2020-05", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-05" + }, + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70606", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70606" } ] } 
diff --git a/2019/20xxx/CVE-2019-20100.json b/2019/20xxx/CVE-2019-20100.json index 9819e088785..7fda7fbd067 100644 --- a/2019/20xxx/CVE-2019-20100.json +++ b/2019/20xxx/CVE-2019-20100.json 
@@ -1,17 +1,116 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-20100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Links", + "version": { + "version_data": [ + { + "version_value": "5.4.21", + "version_affected": "<" + }, + { + "version_value": "6.0.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.12", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + }, + { + "version_value": "7.0.0", + "version_affected": ">=" + }, + { + "version_value": "7.0.2", + "version_affected": "<" + }, + { + "version_value": "7.1.0", + "version_affected": ">=" + }, + { + "version_value": "7.1.3", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.7.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. 
The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2020-06", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-06" + }, + { + "url": "https://ecosystem.atlassian.net/browse/APL-1390", + "refsource": "MISC", + "name": "https://ecosystem.atlassian.net/browse/APL-1390" + }, + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70607", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70607" } ] } diff --git a/2019/20xxx/CVE-2019-20104.json b/2019/20xxx/CVE-2019-20104.json index 0f0cc845fd4..42384d7065a 100644 --- a/2019/20xxx/CVE-2019-20104.json +++ b/2019/20xxx/CVE-2019-20104.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-05T00:00:00", "ID": "CVE-2019-20104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crowd", + "version": { + "version_data": [ + { + "version_value": "3.6.2", + "version_affected": "<" + }, + { + "version_value": "3.7.0", + "version_affected": ">=" + }, + { + "version_value": "3.7.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CWD-5526", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CWD-5526" + }, + { + "refsource": "MISC", + "name": "https://zeroauth.ltd/blog/2020/02/07/cve-2019-20104-atlassian-crowd-openid-client-vulnerable-to-remote-dos-via-xml-entity-expansion/", + "url": "https://zeroauth.ltd/blog/2020/02/07/cve-2019-20104-atlassian-crowd-openid-client-vulnerable-to-remote-dos-via-xml-entity-expansion/" } ] } 
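Review bot: The added `problemtype` value `"Improper Restriction of XML External Entity Reference"` does not match the description in the same hunk, which reports a denial of service through XML Entity Expansion. Entity expansion is catalogued separately as CWE-776, so the entry would read `"value": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')"`. The difference matters for triage: an XXE label suggests file disclosure or server-side requests, whereas the described impact is resource exhaustion in the Crowd OpenID client.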
diff --git a/2019/20xxx/CVE-2019-20106.json b/2019/20xxx/CVE-2019-20106.json
index f76d5ebba2b..a8b6d313349 100644
--- a/2019/20xxx/CVE-2019-20106.json
+++ b/2019/20xxx/CVE-2019-20106.json
@@ -1,17 +1,79 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-05T00:00:00", "ID": "CVE-2019-20106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server and Data Center", + "version": { + "version_data": [ + { + "version_value": "7.13.12", + "version_affected": "<" + }, + { + "version_value": "8.4.1", + "version_affected": ">=" + }, + { + "version_value": "8.5.4", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.6.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70543", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70543" } ] } diff --git a/2019/20xxx/CVE-2019-20141.json b/2019/20xxx/CVE-2019-20141.json index 6bfb7e73a64..14b08f0bab7 100644 
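Review bot: The second range in `version_data` opens with `"version_value": "8.4.1"` and `">="`, but the description added in the same hunk says the range runs "from 8.0.0 before version 8.5.4". One of the two is wrong; if the description is right, the entry should be `"version_value": "8.0.0"`. As written, a tool that reads only the structured fields may treat 8.0.0 through 8.4.0 as unaffected. The `problemtype` value `"Information Disclosure"` also does not fit a flaw that lets users post comments without permission; `"Improper Authorization"`, used for CVE-2019-20402 and CVE-2019-20404 in this commit, looks closer.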
--- a/2019/20xxx/CVE-2019-20141.json
+++ b/2019/20xxx/CVE-2019-20141.json
@@ -56,6 +56,11 @@
 "url": "https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html",
 "refsource": "MISC",
 "name": "https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://knassar702.github.io/cve/neon/",
+ "url": "https://knassar702.github.io/cve/neon/"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20173.json b/2019/20xxx/CVE-2019-20173.json
index 3fceb289ae0..55de82e1313 100644
--- a/2019/20xxx/CVE-2019-20173.json
+++ b/2019/20xxx/CVE-2019-20173.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20173", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20173", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3", + "url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3" + }, + { + "refsource": "CONFIRM", + "name": "https://auth0.com/docs/security/bulletins/cve-2019-20173", + "url": "https://auth0.com/docs/security/bulletins/cve-2019-20173" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10059", + "url": "https://wpvulndb.com/vulnerabilities/10059" } ] } diff --git a/2019/20xxx/CVE-2019-20176.json b/2019/20xxx/CVE-2019-20176.json index cdb0cb41b49..11a9d241cc6 100644 --- a/2019/20xxx/CVE-2019-20176.json +++ b/2019/20xxx/CVE-2019-20176.json 
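Review bot: The added `affects` block sets `product_name`, `vendor_name` and `version_value` to `"n/a"` even though the description in the same hunk names the product and the fixed release. Tools that match on the structured fields therefore cannot tie this record to the wp-auth0 plugin. Taking the values from the description would give `"vendor_name": "Auth0"`, `"product_name": "wp-auth0"` and `"version_value": "3.11.3"` with `"version_affected": "<"`. The `problemtype` value `"n/a"` could likewise name cross-site scripting, which the description states.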
@@ -56,6 +56,16 @@
 "url": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706",
 "refsource": "MISC",
 "name": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-74b71e5873",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-85fa9f07f4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20215.json b/2019/20xxx/CVE-2019-20215.json
index 544cf2506a1..491a1479c48 100644
--- a/2019/20xxx/CVE-2019-20215.json
+++ b/2019/20xxx/CVE-2019-20215.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-20215-en-2e799acb8a73",
 "url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-20215-en-2e799acb8a73"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156250/D-Link-ssdpcgi-Unauthenticated-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156250/D-Link-ssdpcgi-Unauthenticated-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20372.json b/2019/20xxx/CVE-2019-20372.json
index 6ce84b7e4fa..cb8234e84e0 100644
--- a/2019/20xxx/CVE-2019-20372.json
+++ b/2019/20xxx/CVE-2019-20372.json
@@ -91,6 +91,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200127-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20200127-0003/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0204",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20386.json b/2019/20xxx/CVE-2019-20386.json
index 4c791281cda..6c96656a43d 100644
--- a/2019/20xxx/CVE-2019-20386.json
+++ b/2019/20xxx/CVE-2019-20386.json
@@ -56,6 +56,21 @@
 "url": "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad",
 "refsource": "MISC",
 "name": "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200210-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20200210-0002/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0208",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4269-1",
+ "url": "https://usn.ubuntu.com/4269-1/"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20388.json b/2019/20xxx/CVE-2019-20388.json
index 7481de28629..da95f4a440d 100644
--- a/2019/20xxx/CVE-2019-20388.json
+++ b/2019/20xxx/CVE-2019-20388.json
@@ -56,6 +56,11 @@
 "url": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68",
 "refsource": "MISC",
 "name": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-41fe1680f6",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20400.json b/2019/20xxx/CVE-2019-20400.json
index cb87d1c9002..7f047bd31d8 100644
--- a/2019/20xxx/CVE-2019-20400.json
+++ b/2019/20xxx/CVE-2019-20400.json
@@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-04T00:00:00", "ID": "CVE-2019-20400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Hijacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70407", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70407" } ] } diff --git a/2019/20xxx/CVE-2019-20401.json b/2019/20xxx/CVE-2019-20401.json index ce7d370c688..697fd31c8b1 100644 --- a/2019/20xxx/CVE-2019-20401.json +++ b/2019/20xxx/CVE-2019-20401.json 
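Review bot: The added description does not parse: "allows local attackers with permission to write a dll file ... can inject code into via a DLL hijacking vulnerability" has two competing verbs and a dangling "into". A reading consistent with the CVE-2019-20406 text in this commit would be `allows local attackers with permission to write a DLL file to a directory in the global path environment variable to inject code via a DLL hijacking vulnerability`. The CVE-2019-20406 description limits the same Tomcat issue to Microsoft Windows; if that also holds here, the description should say so, so that non-Windows deployments can be ruled out during triage.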
@@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-02-04T00:00:00", "ID": "CVE-2019-20401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70406", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70406" } ] } diff --git a/2019/20xxx/CVE-2019-20402.json b/2019/20xxx/CVE-2019-20402.json index 9c189e3b8be..6c690326fc2 100644 --- a/2019/20xxx/CVE-2019-20402.json +++ b/2019/20xxx/CVE-2019-20402.json 
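Review bot: `"DATE_PUBLIC": "2019-02-04T00:00:00"` is exactly one year earlier than the `2020-02-04T00:00:00` given for the neighbouring Jira records published in this commit (CVE-2019-20400 and CVE-2019-20402 through CVE-2019-20405). It looks like a typo for `"DATE_PUBLIC": "2020-02-04T00:00:00"`, and should be confirmed against the advisory. Anything that derives exposure windows or patch deadlines from this field would be off by a year for this record.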
@@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-04T00:00:00", "ID": "CVE-2019-20402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.6.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70564", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70564" } ] } diff --git a/2019/20xxx/CVE-2019-20403.json b/2019/20xxx/CVE-2019-20403.json index a99e34a7df8..c55904602b8 100644 --- a/2019/20xxx/CVE-2019-20403.json +++ b/2019/20xxx/CVE-2019-20403.json 
@@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-04T00:00:00", "ID": "CVE-2019-20403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.6.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70565", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70565" } ] } diff --git a/2019/20xxx/CVE-2019-20404.json b/2019/20xxx/CVE-2019-20404.json index cedb2158f2b..35639d29073 100644 --- a/2019/20xxx/CVE-2019-20404.json +++ b/2019/20xxx/CVE-2019-20404.json 
@@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-04T00:00:00", "ID": "CVE-2019-20404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.6.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70569", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70569" } ] } diff --git a/2019/20xxx/CVE-2019-20405.json b/2019/20xxx/CVE-2019-20405.json index e8c3cd3e1ea..5043cf720c8 100644 --- a/2019/20xxx/CVE-2019-20405.json +++ b/2019/20xxx/CVE-2019-20405.json 
@@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-04T00:00:00", "ID": "CVE-2019-20405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.6.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70570", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70570" } ] } diff --git a/2019/20xxx/CVE-2019-20406.json b/2019/20xxx/CVE-2019-20406.json index 289fd8aacce..ee935e111c5 100644 --- a/2019/20xxx/CVE-2019-20406.json +++ b/2019/20xxx/CVE-2019-20406.json 
@@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-20406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-02-05T00:00:00", + "ID": "CVE-2019-20406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Confluence Server", + "version": { + "version_data": [ + { + "version_value": "7.0.5", + "version_affected": "<" + }, + { + "version_value": "7.1.0", + "version_affected": ">=" + }, + { + "version_value": "7.1.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "product": { + "product_data": [ + { + "product_name": "Confluence Data Center", + "version": { + "version_data": [ + { + "version_value": "7.0.5", + "version_affected": "<" + }, + { + "version_value": "7.1.0", + "version_affected": ">=" + }, + { + "version_value": "7.1.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Hijacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/CONFSERVER-59428", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/CONFSERVER-59428" + } + ] + } +} diff --git a/2019/20xxx/CVE-2019-20444.json b/2019/20xxx/CVE-2019-20444.json index 13c1c6bfd53..3ecab234974 100644 --- a/2019/20xxx/CVE-2019-20444.json +++ b/2019/20xxx/CVE-2019-20444.json 
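Review bot: The single object added to `vendor_data` carries two `"product"` keys, one for "Confluence Server" and one for "Confluence Data Center". Duplicate names in a JSON object are handled unpredictably and most parsers keep only the last, so Confluence Server would silently drop out of the affected-product list. Both entries belong in one `product_data` array: end the first product entry with `},` and continue directly with the Confluence Data Center entry, removing the intervening `]`, `},`, `"product": {` and `"product_data": [` lines. The description added in this hunk also repeats a word in "environmental variable variable".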
@@ -106,6 +106,81 @@ "refsource": "MLIST", "name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", "url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200204 Build failed in Jenkins: 
zookeeper-branch36-java8 #38", + "url": "https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java11 #39", + "url": "https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-master-maven-jdk11 #361", + "url": "https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": 
"MLIST", + "name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0497", + "url": "https://access.redhat.com/errata/RHSA-2020:0497" } ] } diff --git a/2019/20xxx/CVE-2019-20445.json b/2019/20xxx/CVE-2019-20445.json index a2a23a8b27b..f44837b766a 100644 --- a/2019/20xxx/CVE-2019-20445.json +++ b/2019/20xxx/CVE-2019-20445.json 
@@ -111,6 +111,51 @@ "refsource": "MLIST", "name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", "url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": 
"https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445", + "url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0497", + "url": "https://access.redhat.com/errata/RHSA-2020:0497" } ] } diff --git a/2019/20xxx/CVE-2019-20447.json b/2019/20xxx/CVE-2019-20447.json new file mode 100644 index 00000000000..af027877266 --- /dev/null +++ b/2019/20xxx/CVE-2019-20447.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20447",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/47311",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/47311"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/152503/Jobberbase-CMS-2.0-SQL-Injection.html",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/152503/Jobberbase-CMS-2.0-SQL-Injection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20448.json b/2019/20xxx/CVE-2019-20448.json
new file mode 100644
index 00000000000..d2003bce883
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20448.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-20448",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
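Review bot: The structured fields of the new CVE-2019-20447 record are all `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) although the description names the product, the version and the weakness class, so tooling that matches on `affects` or `problemtype` will not associate this entry with Jobberbase 2.0. Filling in what the description already states would close that gap, for example `"product_name": "Jobberbase"`, `"version_value": "2.0"` and a problemtype value of `"CWE-89"`. The same applies to the PUBLIC records added in this commit for CVE-2019-20451, CVE-2019-20454, CVE-2019-20455 and CVE-2019-20456.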
diff --git a/2019/20xxx/CVE-2019-20449.json b/2019/20xxx/CVE-2019-20449.json new file mode 100644 index 00000000000..7f426890682 --- /dev/null +++ b/2019/20xxx/CVE-2019-20449.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20450.json b/2019/20xxx/CVE-2019-20450.json new file mode 100644 index 00000000000..e6882526117 --- /dev/null +++ b/2019/20xxx/CVE-2019-20450.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20450", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20451.json b/2019/20xxx/CVE-2019-20451.json new file mode 100644 index 00000000000..2ccd591183d --- /dev/null +++ b/2019/20xxx/CVE-2019-20451.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/papers/47535", + "refsource": "MISC", + "name": "https://www.exploit-db.com/papers/47535" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20452.json b/2019/20xxx/CVE-2019-20452.json new file mode 100644 index 00000000000..6931c4c65e3 --- /dev/null +++ b/2019/20xxx/CVE-2019-20452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20453.json b/2019/20xxx/CVE-2019-20453.json new file mode 100644 index 00000000000..9c9e0b75c40 
--- /dev/null +++ b/2019/20xxx/CVE-2019-20453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20454.json b/2019/20xxx/CVE-2019-20454.json new file mode 100644 index 00000000000..047160b2d4e --- /dev/null +++ b/2019/20xxx/CVE-2019-20454.json 
@@ -0,0 +1,91 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20454",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.exim.org/show_bug.cgi?id=2421",
+ "refsource": "MISC",
+ "name": "https://bugs.exim.org/show_bug.cgi?id=2421"
+ },
+ {
+ "url": "https://bugs.php.net/bug.php?id=78338",
+ "refsource": "MISC",
+ "name": "https://bugs.php.net/bug.php?id=78338"
+ },
+ {
+ "url": "https://vcs.pcre.org/pcre2?view=revision&revision=1092",
+ "refsource": "MISC",
+ "name": "https://vcs.pcre.org/pcre2?view=revision&revision=1092"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1735494"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:H/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20455.json b/2019/20xxx/CVE-2019-20455.json
new file mode 100644
index 00000000000..0b581ed8654
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20455.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20455",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/globalpayments/php-sdk/releases/tag/2.0.0",
+ "refsource": "MISC",
+ "name": "https://github.com/globalpayments/php-sdk/releases/tag/2.0.0"
+ },
+ {
+ "url": "https://github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0",
+ "refsource": "MISC",
+ "name": "https://github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://winterdragon.ca/global-payments-vulnerability/",
+ "url": "https://winterdragon.ca/global-payments-vulnerability/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20456.json b/2019/20xxx/CVE-2019-20456.json
new file mode 100644
index 00000000000..2b8582c768c
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20456.json
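Review bot: The `impact.cvss` block added for CVE-2019-20454 lists its `vectorString` metrics alphabetically (`AC:H/AV:L/A:H/...`) and carries no `baseScore`, while the Oracle records touched in this commit use the conventional metric order and include a score. Writing it as `"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"` and adding the `baseScore` that vector yields gives consumers one shape to parse. The description speaks of applications that parse untrusted input, so it is worth confirming that `attackVector` `LOCAL` is the intended rating for this record.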
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.goverlan.com/knowledge/article/security-advisory-govsa-2019-1028-1-local-privilege-escalation-2/", + "refsource": "MISC", + "name": "https://www.goverlan.com/knowledge/article/security-advisory-govsa-2019-1028-1-local-privilege-escalation-2/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20457.json b/2019/20xxx/CVE-2019-20457.json new file mode 100644 index 00000000000..934812787b4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20457.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20457", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20458.json b/2019/20xxx/CVE-2019-20458.json new file mode 100644 index 00000000000..231734208bb --- /dev/null +++ b/2019/20xxx/CVE-2019-20458.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20458", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20459.json b/2019/20xxx/CVE-2019-20459.json new file mode 100644 index 00000000000..b49baefed79 --- /dev/null +++ b/2019/20xxx/CVE-2019-20459.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20459", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20460.json b/2019/20xxx/CVE-2019-20460.json new file mode 100644 index 00000000000..fd67a0a63e7 --- /dev/null +++ b/2019/20xxx/CVE-2019-20460.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20461.json b/2019/20xxx/CVE-2019-20461.json new file mode 100644 index 00000000000..7acdd9c85e6 --- /dev/null +++ b/2019/20xxx/CVE-2019-20461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20462.json b/2019/20xxx/CVE-2019-20462.json new file mode 100644 index 00000000000..867155fdcd4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20463.json b/2019/20xxx/CVE-2019-20463.json new file mode 100644 index 00000000000..3249bd068a6 --- /dev/null +++ b/2019/20xxx/CVE-2019-20463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20464.json b/2019/20xxx/CVE-2019-20464.json new file mode 100644 index 00000000000..d258381b141 --- /dev/null +++ b/2019/20xxx/CVE-2019-20464.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20464", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20465.json b/2019/20xxx/CVE-2019-20465.json new file mode 100644 index 00000000000..a2ef3838d05 --- /dev/null +++ b/2019/20xxx/CVE-2019-20465.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20465", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20466.json b/2019/20xxx/CVE-2019-20466.json new file mode 100644 index 00000000000..406c6418d2a --- /dev/null +++ b/2019/20xxx/CVE-2019-20466.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20466", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20467.json b/2019/20xxx/CVE-2019-20467.json new file mode 100644 index 00000000000..af7c15c7e02 --- /dev/null +++ b/2019/20xxx/CVE-2019-20467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20468.json b/2019/20xxx/CVE-2019-20468.json new file mode 100644 index 00000000000..578cb6e412f --- /dev/null +++ b/2019/20xxx/CVE-2019-20468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20468", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20469.json b/2019/20xxx/CVE-2019-20469.json new file mode 100644 index 00000000000..3565578d7e5 --- /dev/null +++ b/2019/20xxx/CVE-2019-20469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20470.json b/2019/20xxx/CVE-2019-20470.json new file mode 100644 index 00000000000..9b0b1a48680 --- /dev/null +++ b/2019/20xxx/CVE-2019-20470.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20470", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20471.json b/2019/20xxx/CVE-2019-20471.json new file mode 100644 index 00000000000..d0b81fbe0f4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20472.json b/2019/20xxx/CVE-2019-20472.json new file mode 100644 index 00000000000..fab894ba4cc --- /dev/null +++ b/2019/20xxx/CVE-2019-20472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/20xxx/CVE-2019-20473.json b/2019/20xxx/CVE-2019-20473.json new file mode 100644 index 00000000000..e7b1e9cf689 --- /dev/null +++ b/2019/20xxx/CVE-2019-20473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2200.json b/2019/2xxx/CVE-2019-2200.json index 45372746776..12b943f6f20 100644 --- a/2019/2xxx/CVE-2019-2200.json +++ b/2019/2xxx/CVE-2019-2200.json 
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-2200",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-2200",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-67319274"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2684.json b/2019/2xxx/CVE-2019-2684.json
index 48e9df46a2c..9f885904566 100644
--- a/2019/2xxx/CVE-2019-2684.json
+++ b/2019/2xxx/CVE-2019-2684.json
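Review bot: The added description for CVE-2019-2200 runs its trailer fields together, `...needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-67319274`, so neither a reader nor a parser can reliably separate the product, the version and the Android ID. Separating them, for example `... needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-67319274`, keeps the affected version readable in feeds that show only the description. `vendor_name` is also left as `"n/a"` even though the record names the product and the assigner is security@android.com, which gives vendor-keyed matching nothing to match on.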
@@ -196,6 +196,21 @@
 "refsource": "MLIST",
 "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
 "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
+ "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json
index 6451c645ec4..e1e810b4ea1 100644
--- a/2019/2xxx/CVE-2019-2725.json
+++ b/2019/2xxx/CVE-2019-2725.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2019/2xxx/CVE-2019-2729.json b/2019/2xxx/CVE-2019-2729.json
index 58f6071d9d6..df09f6495b6 100644
--- a/2019/2xxx/CVE-2019-2729.json
+++ b/2019/2xxx/CVE-2019-2729.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "9.8",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
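Review bot: The first hunk of CVE-2019-2725.json adds an empty line ahead of the opening `{`, and the same stray line is added in CVE-2019-2729.json and CVE-2019-2904.json; a JSON parser ignores it, but it should be dropped so the record starts at `{` like the other files in this commit. In the added `impact.cvss` blocks `baseScore` is a string (`"7.5"`, `"9.8"`); `"baseScore": 7.5` would let consumers compare and sort scores without a conversion step. For CVE-2019-2725 the vector records availability impact only (`C:N/I:N/A:H`), and since the description lies outside the hunk it is worth confirming against the vendor advisory that this is the intended vector.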
diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json
index 5ccecad0162..30b27c62ce4 100644
--- a/2019/2xxx/CVE-2019-2904.json
+++ b/2019/2xxx/CVE-2019-2904.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "9.8",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2019/3xxx/CVE-2019-3016.json b/2019/3xxx/CVE-2019-3016.json
index b1245618900..67fcfc305a5 100644
--- a/2019/3xxx/CVE-2019-3016.json
+++ b/2019/3xxx/CVE-2019-3016.json
@@ -53,9 +53,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.openwall.com/lists/oss-security/2020/01/30/4",
- "name": "https://www.openwall.com/lists/oss-security/2020/01/30/4",
- "refsource": "CONFIRM"
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/30/4"
 },
 {
 "url": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini@redhat.com/",
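Review bot: The replacement oss-security reference in CVE-2019-3016.json points at `http://www.openwall.com/...`, where the entry it replaces used `https://` for the same path. Keeping the TLS form, `"url": "https://www.openwall.com/lists/oss-security/2020/01/30/4"`, means tools and readers that follow the reference are not sent to the advisory over plaintext. The `reference_data` array continues outside this hunk.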
@@ -66,6 +66,31 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167", "refsource": "CONFIRM" + }, + { + "url": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e", + "name": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e", + "refsource": "CONFIRM" + }, + { + "url": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7", + "name": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7", + "refsource": "CONFIRM" + }, + { + "url": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589", + "name": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589", + "refsource": "CONFIRM" + }, + { + "url": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796", + "name": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796", + "refsource": "CONFIRM" + }, + { + "url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e", + "name": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e", + "refsource": "CONFIRM" } ] }, diff --git a/2019/3xxx/CVE-2019-3693.json b/2019/3xxx/CVE-2019-3693.json index 19b7fe58de8..ce4db672573 100644 --- a/2019/3xxx/CVE-2019-3693.json +++ b/2019/3xxx/CVE-2019-3693.json @@ -121,6 +121,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0148", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0156", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3774.json b/2019/3xxx/CVE-2019-3774.json index 68e4ea51a9a..146ad520a84 100644 --- a/2019/3xxx/CVE-2019-3774.json +++ b/2019/3xxx/CVE-2019-3774.json 
@@ -91,6 +91,36 @@ "refsource": "MLIST", "name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774", "url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade 
spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11@%3Ccommits.servicemix.apache.org%3E" } ] }, diff --git a/2019/3xxx/CVE-2019-3843.json b/2019/3xxx/CVE-2019-3843.json index 80d24846ade..ef3227dc6e9 100644 --- a/2019/3xxx/CVE-2019-3843.json +++ b/2019/3xxx/CVE-2019-3843.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190619-0002/", "url": "https://security.netapp.com/advisory/ntap-20190619-0002/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4269-1", + "url": "https://usn.ubuntu.com/4269-1/" } ] }, diff --git a/2019/3xxx/CVE-2019-3844.json b/2019/3xxx/CVE-2019-3844.json index 95834fcd0ee..bc296f1a19f 100644 --- a/2019/3xxx/CVE-2019-3844.json +++ b/2019/3xxx/CVE-2019-3844.json @@ -58,6 +58,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190619-0002/", "url": "https://security.netapp.com/advisory/ntap-20190619-0002/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4269-1", + "url": "https://usn.ubuntu.com/4269-1/" } ] }, diff --git a/2019/3xxx/CVE-2019-3998.json b/2019/3xxx/CVE-2019-3998.json index d2352ba50d5..4b38f1837a9 100644 --- a/2019/3xxx/CVE-2019-3998.json +++ b/2019/3xxx/CVE-2019-3998.json 
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3998",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3998",
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SimpliSafe SS3 Base Station",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthenticated Wi-Fi Configuration Modification"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-09",
+ "url": "https://www.tenable.com/security/research/tra-2020-09"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to."
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4392.json b/2019/4xxx/CVE-2019-4392.json
index fb211ead171..aca9993f29a 100644
--- a/2019/4xxx/CVE-2019-4392.json
+++ b/2019/4xxx/CVE-2019-4392.json
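Review bot: `"vendor_name": "n/a"` in the new `affects` block leaves CVE-2019-3998 without a vendor, although `product_name` a few lines below is `SimpliSafe SS3 Base Station`. Tools that match records to an asset inventory by vendor and product will not associate this entry with the device. Assuming SimpliSafe is the vendor, as the product name suggests, split the fields: `"vendor_name": "SimpliSafe"` and `"product_name": "SS3 Base Station"`.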
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4392",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-4392",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL AppScan Standard Edition",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.0.3.13 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Broken authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0075661",
+ "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0075661"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system."
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4427.json b/2019/4xxx/CVE-2019-4427.json
index c8c9814d399..4870ad7015e 100644
--- a/2019/4xxx/CVE-2019-4427.json
+++ b/2019/4xxx/CVE-2019-4427.json
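Review bot: `"version_value": "9.0.3.13 and earlier versions"` puts a range into a free-text string, which version-matching tools cannot compare against an installed build. Express the bound in the structured fields instead: `"version_value": "9.0.3.13"` with `"version_affected": "<="`. It is also worth confirming `"vendor_name": "IBM Corporation"`, since the product name and the only reference (hclpnpsupport.hcltech.com) both point at HCL.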
@@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4427", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/1356087", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1356087", + "title": "IBM Security Bulletin 1356087 (Cloud CLI)" + }, + { + "name": "ibm-cli-cve20194427-info-disc (162773)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162773" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4427", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-05T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud CLI", + "version": { + "version_data": [ + { + "version_value": "0.6.0" + }, + { + "version_value": "0.16.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. 
IBM X-Force ID: 162773.", + "lang": "eng" } ] - } + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "5.900", + "AC": "H", + "UI": "N", + "C": "H", + "I": "N", + "AV": "N", + "PR": "N", + "A": "N", + "S": "U" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_format": "MITRE" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4431.json b/2019/4xxx/CVE-2019-4431.json index 5077bfab577..cf9a425fada 100644 --- a/2019/4xxx/CVE-2019-4431.json +++ b/2019/4xxx/CVE-2019-4431.json 
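Review bot: `version_data` for CVE-2019-4427 lists only `0.6.0` and `0.16.1`, while the description says the issue affects "0.6.0 through 0.16.1", so a consumer matching on exact `version_value` entries will treat every release in between as unaffected. The endpoints need a range marker, for example `"version_affected": ">="` on `0.6.0` and `"version_affected": "<="` on `0.16.1`, or each affected release listed. The CVE-2019-4592 hunk has the same pattern for "6.3.0.7.3 through 6.3.0.7.10".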
@@ -1,17 +1,92 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4431", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "H", + "RL": "O" + }, + "BM": { + "S": "C", + "A": "N", + "PR": "L", + "I": "L", + "C": "L", + "AV": "N", + "UI": "R", + "AC": "L", + "SCORE": "5.400" + } + } }, "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Publishing Engine" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888." 
+ } + ] + }, + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1942929 (Rational Publishing Engine)", + "name": "https://www.ibm.com/support/pages/node/1942929", + "url": "https://www.ibm.com/support/pages/node/1942929", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162888", + "name": "ibm-pe-cve20194431-xss (162888)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4431", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-11T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] } ] } diff --git a/2019/4xxx/CVE-2019-4451.json b/2019/4xxx/CVE-2019-4451.json index 26ab1f43a02..fe3d4f162bd 100644 --- a/2019/4xxx/CVE-2019-4451.json +++ b/2019/4xxx/CVE-2019-4451.json 
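Review bot: The `impact` block added for CVE-2019-4431 uses a `cvssv3` object with `BM`/`TM` sub-objects, a string `"SCORE": "5.400"`, and no CVSS version or vector string, whereas the `impact.cvss` block added for CVE-2019-2904 in this same commit carries `baseScore`, `vectorString` and `version`. A parser written for one shape silently yields no severity for the other, which matters when severity drives patch priority. Consider adding the assembled vector alongside the metrics, e.g. `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"`; the version prefix is an assumption, as the record does not state it. The other IBM-assigned hunks in this diff (CVE-2019-4427, -4451, -4540, -4541, -4548, -4550, -4551, -4562, -4592, -4613, -4616) use the same shape.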
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4451", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.", + "lang": "eng" } ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + }, + "BM": { + "I": "L", + "A": "N", + "SCORE": "5.400", + "AC": "L", + "AV": "N", + "S": "C", + "PR": "L", + "UI": "R", + "C": "L" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Manager", + "version": { + "version_data": [ + { + "version_value": "6.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1288720", + "title": "IBM Security Bulletin 1288720 (Security Identity Manager)", + "name": "https://www.ibm.com/support/pages/node/1288720" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163493", + "title": "X-Force Vulnerability Report", + "name": "ibm-sim-cve20194451-xss (163493)" + } + ] + }, + 
"CVE_data_meta": { + "DATE_PUBLIC": "2020-02-03T00:00:00", + "ID": "CVE-2019-4451", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4540.json b/2019/4xxx/CVE-2019-4540.json index e4604a0a171..293ea84c588 100644 --- a/2019/4xxx/CVE-2019-4540.json +++ b/2019/4xxx/CVE-2019-4540.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4540", - "STATE": "RESERVED" + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.", + "lang": "eng" } ] - } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "AV": "N", + "SCORE": "5.900", + "AC": "H", + "I": "N", + "A": "N", + "UI": "N", + "C": "H", + "S": "U", + "PR": "N" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Directory Server", + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2019-4540", + "DATE_PUBLIC": "2020-02-03T00:00:00" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1288660", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1288660 (Security Directory Server)", + "url": "https://www.ibm.com/support/pages/node/1288660" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165813", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-sds-cve20194540-info-disc (165813)" + } + ] + }, + "data_type": "CVE" } \ No newline at end of 
file diff --git a/2019/4xxx/CVE-2019-4541.json b/2019/4xxx/CVE-2019-4541.json index 6183377fc04..f19a88f3d37 100644 --- a/2019/4xxx/CVE-2019-4541.json +++ b/2019/4xxx/CVE-2019-4541.json 
@@ -1,17 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4541", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "BM": { + "PR": "H", + "S": "U", + "UI": "N", + "C": "H", + "I": "N", + "A": "H", + "AV": "N", + "SCORE": "6.500", + "AC": "L" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Directory Server", + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-02-03T00:00:00", + "ID": "CVE-2019-4541", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1288660", + "title": "IBM Security Bulletin 1288660 (Security Directory Server)", + "name": "https://www.ibm.com/support/pages/node/1288660" + }, + { + "name": "ibm-sds-cve20194541-sec-bypass (165814)", + "title": "X-Force Vulnerability Report", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/165814", + "refsource": "XF" } ] } diff --git a/2019/4xxx/CVE-2019-4548.json b/2019/4xxx/CVE-2019-4548.json index d99024cbe9d..4cb60638599 100644 --- a/2019/4xxx/CVE-2019-4548.json +++ b/2019/4xxx/CVE-2019-4548.json 
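Review bot: The base metrics for CVE-2019-4541 set `"I": "N"`, but the description in the same hunk says the bypass results in "direct impact to the system and data integrity". One of the two is wrong, and a reader gets a different picture of the risk depending on whether they use the score or the text. The CNA should either raise the integrity metric and recompute `SCORE`, or reword the description to match the confidentiality and availability impact that the metrics record (`"C": "H"`, `"A": "H"`).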
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4548", - "STATE": "RESERVED" + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Directory Server", + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-02-03T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4548", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1288660", + "url": "https://www.ibm.com/support/pages/node/1288660", + "title": "IBM Security Bulletin 1288660 (Security Directory Server)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165950", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-sds-cve20194548-clickjacking (165950)" + } + ] }, - "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_format": "MITRE", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950." 
} ] + }, + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "S": "C", + "UI": "R", + "C": "L", + "A": "N", + "I": "L", + "SCORE": "6.100", + "AC": "L", + "AV": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4550.json b/2019/4xxx/CVE-2019-4550.json index dceab288eeb..3a0804e5918 100644 --- a/2019/4xxx/CVE-2019-4550.json +++ b/2019/4xxx/CVE-2019-4550.json 
@@ -1,17 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4550", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "C": "L", + "UI": "N", + "PR": "N", + "S": "U", + "AV": "N", + "AC": "L", + "SCORE": "5.300", + "I": "N", + "A": "N" + } + } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + }, + "product_name": "Security Directory Server" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4550", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-02-03T00:00:00" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1288660", + "url": "https://www.ibm.com/support/pages/node/1288660", + "title": "IBM Security Bulletin 1288660 (Security Directory Server)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165952", + "refsource": "XF", + "name": "ibm-sds-cve20194550-info-disc (165952)" } ] } 
diff --git a/2019/4xxx/CVE-2019-4551.json b/2019/4xxx/CVE-2019-4551.json
index c5dca61104a..6bf247cc5f8 100644
--- a/2019/4xxx/CVE-2019-4551.json
+++ b/2019/4xxx/CVE-2019-4551.json
@@ -1,17 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4551", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953." + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "C": "L", + "UI": "N", + "PR": "N", + "S": "U", + "AV": "N", + "SCORE": "5.300", + "AC": "L", + "A": "N", + "I": "N" + } + } + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4551", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-03T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + }, + "product_name": "Security Directory Server" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1288660", + "title": "IBM Security Bulletin 1288660 (Security Directory Server)", + "name": "https://www.ibm.com/support/pages/node/1288660" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165953", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": 
"ibm-sds-cve20194551-info-disc (165953)" } ] } diff --git a/2019/4xxx/CVE-2019-4562.json b/2019/4xxx/CVE-2019-4562.json index 4a1fa5834ef..040d43f7084 100644 --- a/2019/4xxx/CVE-2019-4562.json +++ b/2019/4xxx/CVE-2019-4562.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4562", - "STATE": "RESERVED" + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] }, "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623." } ] - } + }, + "impact": { + "cvssv3": { + "BM": { + "C": "L", + "UI": "N", + "PR": "N", + "S": "U", + "AV": "N", + "AC": "H", + "SCORE": "3.700", + "I": "N", + "A": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Directory Server", + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 1288660 (Security Directory Server)", + "url": "https://www.ibm.com/support/pages/node/1288660", + "name": "https://www.ibm.com/support/pages/node/1288660" + }, + { + "name": "ibm-sds-cve20194562-info-disc (166623)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166623" + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-02-03T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": 
"CVE-2019-4562" + }, + "data_type": "CVE" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4592.json b/2019/4xxx/CVE-2019-4592.json index 3a2f2387f5c..d94d0af709d 100644 --- a/2019/4xxx/CVE-2019-4592.json +++ b/2019/4xxx/CVE-2019-4592.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2020-02-12T00:00:00", "ID": "CVE-2019-4592", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Tivoli Monitoring", + "version": { + "version_data": [ + { + "version_value": "6.3.0.7.3" + }, + { + "version_value": "6.3.0.7.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/2278617", + "title": "IBM Security Bulletin 2278617 (Tivoli Monitoring)", + "name": "https://www.ibm.com/support/pages/node/2278617" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647", + "name": "ibm-tivoli-cve20194592-dos (167647)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AV": "N", + "SCORE": "7.500", + "C": "N", + "S": "U", + "AC": "L", + "I": "N", + "UI": "N", + "PR": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } }, "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.", + "lang": "eng" } ] } diff --git a/2019/4xxx/CVE-2019-4613.json b/2019/4xxx/CVE-2019-4613.json index 05f672320d1..77f7350faa3 100644 --- a/2019/4xxx/CVE-2019-4613.json +++ b/2019/4xxx/CVE-2019-4613.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4613", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Planning Analytics", + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-02-04T00:00:00", + "ID": "CVE-2019-4613", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1172860", + "url": "https://www.ibm.com/support/pages/node/1172860", + "title": "IBM Security Bulletin 1172860 (Planning Analytics)" + }, + { + "name": "ibm-planning-cve20194613-csrf (168524)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168524" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "C": "N", + "I": "L", + "AC": "L", + "SCORE": "4.300", + "AV": "N", + "S": "U", + "PR": "N", + "UI": "R", + "A": "N" + } + } + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 
IBM X-Force ID: 168524.", + "lang": "eng" } ] - } + }, + "data_type": "CVE", + "data_format": "MITRE" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4616.json b/2019/4xxx/CVE-2019-4616.json index 3a6d91369b5..b3a0f503c16 100644 --- a/2019/4xxx/CVE-2019-4616.json +++ b/2019/4xxx/CVE-2019-4616.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4616", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Automation Manager", + "version": { + "version_data": [ + { + "version_value": "3.2.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-4616", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-04T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1289188", + "url": "https://www.ibm.com/support/pages/node/1289188", + "title": "IBM Security Bulletin 1289188 (Cloud Automation Manager)" + }, + { + "refsource": "XF", + "name": "ibm-cam-cve20194616-info-disc (168644)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168644" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "UI": "N", + "PR": "N", + "S": "U", + "AV": "A", + "SCORE": "4.300", + "AC": "L", + "I": "N", + "C": "L" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. 
Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.", + "lang": "eng" } ] - } + }, + "data_type": "CVE", + "data_format": "MITRE" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4666.json b/2019/4xxx/CVE-2019-4666.json index 3a761e3dd2a..5009b7fb8f6 100644 --- a/2019/4xxx/CVE-2019-4666.json +++ b/2019/4xxx/CVE-2019-4666.json 
@@ -1,18 +1,106 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4666", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248." } ] - } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4666", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-12T00:00:00" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1138576", + "name": "https://www.ibm.com/support/pages/node/1138576", + "title": "IBM Security Bulletin 1138576 (UrbanCode Build)" + }, + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 2325141 (UrbanCode Deploy)", + "name": "https://www.ibm.com/support/pages/node/2325141", + "url": "https://www.ibm.com/support/pages/node/2325141" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171248", + "title": "X-Force Vulnerability Report", + "name": "ibm-ucd-cve20194666-info-disc (171248)", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0.3" + } + ] + }, + "product_name": "UrbanCode Deploy" + }, + { + "product_name": "UrbanCode Build", + "version": { + 
"version_data": [ + { + "version_value": "6.1.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "AC": "L", + "I": "N", + "UI": "N", + "PR": "H", + "A": "N", + "SCORE": "2.300", + "AV": "L", + "S": "U", + "C": "L" + } + } + }, + "data_version": "4.0" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4670.json b/2019/4xxx/CVE-2019-4670.json index a64a8199fae..b651b054a68 100644 --- a/2019/4xxx/CVE-2019-4670.json +++ b/2019/4xxx/CVE-2019-4670.json 
@@ -1,17 +1,98 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2020-02-04T00:00:00", "ID": "CVE-2019-4670", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + }, + "product_name": "WebSphere Application Server" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_type": "CVE", + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "SCORE": "6.500", + "I": "N", + "C": "H", + "AC": "L", + "UI": "N", + "A": "N", + "AV": "N", + "PR": "L", + "S": "U" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1289152 (WebSphere Application Server)", + "url": "https://www.ibm.com/support/pages/node/1289152", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1289152" + }, + { + "refsource": "XF", + "name": "ibm-websphere-cve20194670-info-disc (171319)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171319" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.", + "lang": "eng" } ] } diff --git a/2019/4xxx/CVE-2019-4674.json b/2019/4xxx/CVE-2019-4674.json index 872de223129..457b848fe0a 100644 --- a/2019/4xxx/CVE-2019-4674.json +++ b/2019/4xxx/CVE-2019-4674.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4674", - "STATE": "RESERVED" + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0.1" + } + ] + }, + "product_name": "Security Identity Manager" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1288714", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1288714", + "title": "IBM Security Bulletin 1288714 (Security Identity Manager)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171510", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-sim-cve20194674-info-disc (171510)" + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-02-03T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4674", + "ASSIGNER": "psirt@us.ibm.com" }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510." 
} ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "C", + "PR": "H", + "C": "H", + "UI": "N", + "I": "N", + "A": "N", + "AV": "N", + "SCORE": "6.800", + "AC": "L" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4675.json b/2019/4xxx/CVE-2019-4675.json index 5c571bfb0ec..0383ebea7c0 100644 --- a/2019/4xxx/CVE-2019-4675.json +++ b/2019/4xxx/CVE-2019-4675.json 
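Review bot: The CVE-2019-4674 description says only that a "remote attacker" can view arbitrary files through `/../` sequences, while the `BM` block in the same record carries `"PR": "H"`, so the text leaves out the precondition the 6.800 score depends on. Anyone triaging from the description alone would assume unauthenticated reach. If the `PR` value is the intended one, the description should state the prerequisite, for example `could allow a remote attacker with high privileges to traverse directories on the system`. If the flaw is in fact reachable without privileges, the metric needs correcting instead.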
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4675", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", - "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Manager", + "version": { + "version_data": [ + { + "version_value": "7.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1288714", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1288714", + "title": "IBM Security Bulletin 1288714 (Security Identity Manager)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171511", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-sim-cve20194675-info-disc (171511)" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4675", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-03T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "S": "C", + "PR": "N", + "C": "H", + "UI": "N", + "I": "N", + "A": "N", + "SCORE": "6.800", + "AC": "H", + "AV": "N" + } + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0" } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4741.json b/2019/4xxx/CVE-2019-4741.json index 46c1e6a9c05..8b3b812c0b7 100644 --- a/2019/4xxx/CVE-2019-4741.json +++ b/2019/4xxx/CVE-2019-4741.json 
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4741", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-10T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4741" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1846569", + "title": "IBM Security Bulletin 1846569 (Content Navigator)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1846569" + }, + { + "name": "ibm-cn-cve20194741-ssrf (172815)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815", + "refsource": "XF" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "C": "N", + "AV": "N", + "A": "N", + "S": "U", + "PR": "N", + "UI": "N", + "SCORE": "5.300", + "AC": "L" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_format": "MITRE", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815." 
} ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Content Navigator", + "version": { + "version_data": [ + { + "version_value": "3.0CD" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } } } \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5108.json b/2019/5xxx/CVE-2019-5108.json index 7428a8744c9..6678c20cbcf 100644 --- a/2019/5xxx/CVE-2019-5108.json +++ b/2019/5xxx/CVE-2019-5108.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e", "url": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] }, diff --git a/2019/5xxx/CVE-2019-5187.json b/2019/5xxx/CVE-2019-5187.json index 17b23e9c61d..937033d549f 100644 --- a/2019/5xxx/CVE-2019-5187.json +++ b/2019/5xxx/CVE-2019-5187.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5187", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5187", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0972", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0972" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5188.json b/2019/5xxx/CVE-2019-5188.json index 23f98ff29cb..5803d665a56 100644 --- a/2019/5xxx/CVE-2019-5188.json +++ b/2019/5xxx/CVE-2019-5188.json 
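Review bot: The `affects` block for CVE-2019-5187 sets `"vendor_name": "n/a"`, puts the vendor into `"product_name": "Accusoft"` and puts product plus version into `"version_value": "Accusoft ImageGear 19.5.0"`. Inventory and scanner tooling that matches on vendor, product and version will therefore not tie this record to ImageGear installations. The fields would read `"vendor_name": "Accusoft"`, `"product_name": "ImageGear"`, `"version_value": "19.5.0"`. The description in the same hunk also repeats a word in `A specially crafted TIFF file file`.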
@@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-01ed02451f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0166", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5322.json b/2019/5xxx/CVE-2019-5322.json index 995cb1cfdab..91b49de473f 100644 --- a/2019/5xxx/CVE-2019-5322.json +++ b/2019/5xxx/CVE-2019-5322.json 
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5322", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5322", + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Intelligent Edge Switch 5400 3810 2920 2930 2530 with GigT port 2530 10/100 port or 2540", + "version": { + "version_data": [ + { + "version_value": "16.08.* before 16.08.0009 16.09.* before 16.09.0007 16.10.* before 16.10.0003" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure vulneraiblity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions." } ] } 
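Review bot: The `problemtype` value for CVE-2019-5322 is misspelled as `information disclosure vulneraiblity`, which defeats text matching on the weakness field; it should read `"value": "information disclosure vulnerability"`. In the same hunk a single `version_value` string packs three firmware ranges together and `vendor_name` is `n/a`, so the affected set cannot be checked mechanically against a device's firmware version. One `version_data` entry per range, as below, keeps each bound separately parseable.

```json
"version_data": [
    {
        "version_value": "16.08.* before 16.08.0009"
    },
    {
        "version_value": "16.09.* before 16.09.0007"
    },
    {
        "version_value": "16.10.* before 16.10.0003"
    }
]
```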
diff --git a/2019/5xxx/CVE-2019-5636.json b/2019/5xxx/CVE-2019-5636.json index 6055eac1477..eb677bfcf84 100644 --- a/2019/5xxx/CVE-2019-5636.json +++ b/2019/5xxx/CVE-2019-5636.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal." + "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)." } ] }, diff --git a/2019/5xxx/CVE-2019-5637.json b/2019/5xxx/CVE-2019-5637.json index 653070c382a..8824ed3c11b 100644 --- a/2019/5xxx/CVE-2019-5637.json +++ b/2019/5xxx/CVE-2019-5637.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device." + "value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)." } ] }, diff --git a/2019/5xxx/CVE-2019-5650.json b/2019/5xxx/CVE-2019-5650.json index 85cfc97c859..3e8d87b692c 100644 --- a/2019/5xxx/CVE-2019-5650.json +++ b/2019/5xxx/CVE-2019-5650.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5650", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5650", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5651.json b/2019/5xxx/CVE-2019-5651.json index b58fd177f1d..7493d237baf 100644 --- a/2019/5xxx/CVE-2019-5651.json +++ b/2019/5xxx/CVE-2019-5651.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5651", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5651", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} 
diff --git a/2019/5xxx/CVE-2019-5652.json b/2019/5xxx/CVE-2019-5652.json index 8da5574fa15..115733082bc 100644 --- a/2019/5xxx/CVE-2019-5652.json +++ b/2019/5xxx/CVE-2019-5652.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5652", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5652", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5653.json b/2019/5xxx/CVE-2019-5653.json index d18037c4027..c4b864a2253 100644 --- a/2019/5xxx/CVE-2019-5653.json +++ b/2019/5xxx/CVE-2019-5653.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5653", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5653", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5654.json b/2019/5xxx/CVE-2019-5654.json index 84c5ad3704d..309a8b23c84 100644 --- a/2019/5xxx/CVE-2019-5654.json +++ b/2019/5xxx/CVE-2019-5654.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5654", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5654", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} 
diff --git a/2019/5xxx/CVE-2019-5655.json b/2019/5xxx/CVE-2019-5655.json index c16a952d907..eee66964c5b 100644 --- a/2019/5xxx/CVE-2019-5655.json +++ b/2019/5xxx/CVE-2019-5655.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5655", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5655", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5656.json b/2019/5xxx/CVE-2019-5656.json index bd852b613a1..d1931990aa9 100644 --- a/2019/5xxx/CVE-2019-5656.json +++ b/2019/5xxx/CVE-2019-5656.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5656", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5656", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5657.json b/2019/5xxx/CVE-2019-5657.json index 9d1ed5d22a0..815eed31f59 100644 --- a/2019/5xxx/CVE-2019-5657.json +++ b/2019/5xxx/CVE-2019-5657.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5657", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5657", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} 
diff --git a/2019/5xxx/CVE-2019-5658.json b/2019/5xxx/CVE-2019-5658.json index 2056706bb82..826f75f028e 100644 --- a/2019/5xxx/CVE-2019-5658.json +++ b/2019/5xxx/CVE-2019-5658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5658", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5658", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5659.json b/2019/5xxx/CVE-2019-5659.json index caf44d8778b..6a4292a89ee 100644 --- a/2019/5xxx/CVE-2019-5659.json +++ b/2019/5xxx/CVE-2019-5659.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5659", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5659", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5660.json b/2019/5xxx/CVE-2019-5660.json index 5beec25241d..aaa83ccff09 100644 --- a/2019/5xxx/CVE-2019-5660.json +++ b/2019/5xxx/CVE-2019-5660.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5660", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5660", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} 
diff --git a/2019/5xxx/CVE-2019-5661.json b/2019/5xxx/CVE-2019-5661.json index 1286dd25d1b..d6644fa6742 100644 --- a/2019/5xxx/CVE-2019-5661.json +++ b/2019/5xxx/CVE-2019-5661.json @@ -1,18 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5661", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5661", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2019/5xxx/CVE-2019-5662.json b/2019/5xxx/CVE-2019-5662.json index 48e7e54110b..c3f54c05c6e 100644 --- a/2019/5xxx/CVE-2019-5662.json +++ b/2019/5xxx/CVE-2019-5662.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5662",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5662",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2019/5xxx/CVE-2019-5663.json b/2019/5xxx/CVE-2019-5663.json
index c4e9e66f113..b9c014348b7 100644
--- a/2019/5xxx/CVE-2019-5663.json
+++ b/2019/5xxx/CVE-2019-5663.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5663",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5663",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2019/5xxx/CVE-2019-5664.json b/2019/5xxx/CVE-2019-5664.json
index dfee63e2748..059bb45400e 100644
--- a/2019/5xxx/CVE-2019-5664.json
+++ b/2019/5xxx/CVE-2019-5664.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5664",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5664",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2019/6xxx/CVE-2019-6146.json b/2019/6xxx/CVE-2019-6146.json
index d409d27223f..5b44bf3d60e 100644
--- a/2019/6xxx/CVE-2019-6146.json
+++ b/2019/6xxx/CVE-2019-6146.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://support.forcepoint.com/KBArticle?id=000017702",
 "url": "https://support.forcepoint.com/KBArticle?id=000017702"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156274/Forcepoint-WebSecurity-8.5-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/156274/Forcepoint-WebSecurity-8.5-Cross-Site-Scripting.html"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6190.json b/2019/6xxx/CVE-2019-6190.json
index 12c0f0d41b9..81a257f161d 100644
--- a/2019/6xxx/CVE-2019-6190.json
+++ b/2019/6xxx/CVE-2019-6190.json
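Review bot: The reference added to CVE-2019-6146.json is stored with a plain `http://` URL, and its `name` only repeats that URL. If the site serves the same page over TLS, recording `"url": "https://packetstormsecurity.com/files/156274/Forcepoint-WebSecurity-8.5-Cross-Site-Scripting.html"` means readers who follow the link do not fetch it over an unauthenticated channel. A descriptive `name` (the page title rather than the URL) would also make the entry easier to triage.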
@@ -1,8 +1,33 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@lenovo.com",
+ "DATE_PUBLIC": "2020-02-14T17:00:00.000Z",
 "ID": "CVE-2019-6190",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "various"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Lenovo"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
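Review bot: The `affects` block added here cannot be matched by tooling, because `"version_affected": "="` paired with `"version_value": "various"` declares a single affected version literally named "various". `"product_name": "BIOS"` is just as generic, while the description in the next hunk names Lenovo Desktop, Desktop - All in One, and ThinkStation. I would list those product lines as `product_name` values and either give real version bounds or drop `version_affected` and leave the per-model table to LEN-28078.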
@@ -11,8 +36,58 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-28078",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-28078"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-28078."
+ }
+ ],
+ "source": {
+ "advisory": "LEN-28078",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6193.json b/2019/6xxx/CVE-2019-6193.json
index d866eac5d3e..b84b430d9f4 100644
--- a/2019/6xxx/CVE-2019-6193.json
+++ b/2019/6xxx/CVE-2019-6193.json
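Review bot: `problemtype` is filed as the free-text string `"denial of service"` with no CWE identifier, so the record cannot be grouped by weakness class. The description says PCRs may be cleared after S3 resume on systems with Intel TXT enabled, while the vector scores availability only (`C:N/I:N/A:H`). PCR values normally back measured-boot attestation and sealed secrets, so operators would presumably see changed measurements or unseal failures rather than a plain outage. It is worth confirming with the CNA that integrity impact was considered, and saying in `description` what an operator will actually observe after resume.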
@@ -1,8 +1,33 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@lenovo.com",
+ "DATE_PUBLIC": "2020-02-14T17:00:00.000Z",
 "ID": "CVE-2019-6193",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "XClarity Administrator (LXCA)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.6.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Lenovo"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +36,58 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-29477",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-29477"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update your LXCA installation to version 2.6.6 or later. Installation note: You will need to update to LXCA 2.6.0 before installing the latest fix bundle (v 2.6.6)."
+ }
+ ],
+ "source": {
+ "advisory": "LEN-29477",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6194.json b/2019/6xxx/CVE-2019-6194.json
index 281ba8be10d..3cb0e061514 100644
--- a/2019/6xxx/CVE-2019-6194.json
+++ b/2019/6xxx/CVE-2019-6194.json
@@ -1,8 +1,33 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@lenovo.com",
+ "DATE_PUBLIC": "2020-02-14T17:00:00.000Z",
 "ID": "CVE-2019-6194",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "XClarity Administrator (LXCA)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.6.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Lenovo"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +36,58 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611 Improper Restriction of XML External Entity Reference ('XXE')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-29477",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-29477"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update your LXCA installation to version 2.6.6 or later. Installation note: You will need to update to LXCA 2.6.0 before installing the latest fix bundle (v 2.6.6)."
+ }
+ ],
+ "source": {
+ "advisory": "LEN-29477",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6195.json b/2019/6xxx/CVE-2019-6195.json
index 8dc03914650..0856e02d688 100644
--- a/2019/6xxx/CVE-2019-6195.json
+++ b/2019/6xxx/CVE-2019-6195.json
@@ -1,8 +1,41 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "psirt@lenovo.com",
+ "DATE_PUBLIC": "2020-02-14T17:00:00.000Z",
 "ID": "CVE-2019-6195",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "XClarity Controller (XCC)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "3.08 CDI340V"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "3.01 TEI392O"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "1.71 PSI328N"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Lenovo"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
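Review bot: The three `version_data` entries each pair `"version_affected": "<"` with a value such as `"3.08 CDI340V"`, which folds a version number and a build identifier into one string that tooling cannot order. A consumer that evaluates the entries independently will treat everything below 3.08 as affected, including what appear to be the fixed builds 3.01 TEI392O and 1.71 PSI328N of separate firmware branches. One product entry per branch, or a `version_name` naming the branch on each bound, would make the three ranges unambiguous.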
@@ -11,8 +44,58 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264 Permissions, Privileges, and Access Controls"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-29116",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-29116"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to Lenovo XClarity Controller (XCC) version 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N or higher."
+ }
+ ],
+ "source": {
+ "advisory": "LEN-29116",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6466.json b/2019/6xxx/CVE-2019-6466.json
index b1cd5724a9a..2bdc2b2150e 100644
--- a/2019/6xxx/CVE-2019-6466.json
+++ b/2019/6xxx/CVE-2019-6466.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-6466",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +11,8 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2019/6xxx/CVE-2019-6478.json b/2019/6xxx/CVE-2019-6478.json
index 842d782c98f..08a0d094789 100644
--- a/2019/6xxx/CVE-2019-6478.json
+++ b/2019/6xxx/CVE-2019-6478.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6478",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6478",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
 }
 ]
 }
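Review bot: In the second CVE-2019-6195 hunk, `"CWE-264 Permissions, Privileges, and Access Controls"` is a CWE category rather than a weakness entry, so it says little about the root cause. The description (a lower-privileged login within 1 minute of a higher-privileged logout in one LDAP mode) reads like authorization state carried across sessions, though that is inferred; a weakness-level CWE chosen by the CNA would be more useful. The description also states that two other authentication modes are not affected, yet the record carries only a `solution`. If the vendor supports it as an interim measure, a `work_around` entry naming those modes would help operators who cannot update firmware immediately.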
diff --git a/2019/6xxx/CVE-2019-6479.json b/2019/6xxx/CVE-2019-6479.json
index 26ff2fa6fd7..242ae32ca8e 100644
--- a/2019/6xxx/CVE-2019-6479.json
+++ b/2019/6xxx/CVE-2019-6479.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6479",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6479",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json
index 4e07e84dbea..dfaca82dd1c 100644
--- a/2019/6xxx/CVE-2019-6568.json
+++ b/2019/6xxx/CVE-2019-6568.json
@@ -74,6 +74,66 @@
 ]
 }
 },
+ {
+ "product_name": "RFID 181EIP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIMATIC CP 1616 and CP 1604",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIMATIC CP 443-1 (incl. SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIMATIC CP 443-1 OPC UA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
 {
 "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
 "version": {
@@ -94,6 +154,26 @@
 ]
 }
 },
+ {
+ "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2.1.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2.7"
+ }
+ ]
+ }
+ },
 {
 "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)",
 "version": {
@@ -114,6 +194,16 @@
 ]
 }
 },
+ {
+ "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V15.1 Upd 4"
+ }
+ ]
+ }
+ },
 {
 "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants)",
 "version": {
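Review bot: The product entries added in this hunk sit alongside existing entries for what appear to be the same products under slightly different names instead of replacing them; for example `SIMATIC CP 443-1 (incl. SIPLUS NET variants)` is added while the description later in this file still lists `CP443-1 (incl. SIPLUS NET variants)`. The following hunks do the same: `SIMATIC ET 200SP Open Controller …` next to `SIMATIC ET 200 SP Open Controller …`, the KTP Mobile Panels entry with and without `(incl. SIPLUS variants)`, and `TIM 1531 IRC (incl. SIPLUS NET variants)` next to `(incl. SIPLUS variants)`; CVE-2019-6575.json repeats the pattern. Consumers that key on `product_name` now see two records per product, and if the `version_value` text differs between aliases they cannot tell which range is authoritative. The superseded alias should be removed in the same change, or its version text brought in line with the new entry.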
@@ -184,6 +274,16 @@
 ]
 }
 },
+ {
+ "product_name": "SIMATIC RF600 family",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V3.2.1"
+ }
+ ]
+ }
+ },
 {
 "product_name": "SIMATIC RF600R",
 "version": {
@@ -709,7 +809,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "All versions"
+ "version_value": "All versions < V1.5"
 }
 ]
 }
@@ -724,6 +824,16 @@
 ]
 }
 },
+ {
+ "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2.1"
+ }
+ ]
+ }
+ },
 {
 "product_name": "TIM 1531 IRC (incl. SIPLUS variants)",
 "version": {
@@ -756,7 +866,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. 
SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. 
An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), RFID 181EIP, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 (incl. SIPLUS NET variants), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. 
SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. 
Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6575.json b/2019/6xxx/CVE-2019-6575.json
index 47d73a2412d..a8f0ced3c30 100644
--- a/2019/6xxx/CVE-2019-6575.json
+++ b/2019/6xxx/CVE-2019-6575.json
@@ -14,6 +14,16 @@
 "vendor_name": "Siemens AG",
 "product": {
 "product_data": [
+ {
+ "product_name": "SIMATIC CP 443-1 OPC UA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ },
 {
 "product_name": "SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants)",
 "version": {
@@ -34,6 +44,16 @@
 ]
 }
 },
+ {
+ "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2.7"
+ }
+ ]
+ }
+ },
 {
 "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)",
 "version": {
@@ -54,6 +74,16 @@
 ]
 }
 },
+ {
+ "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V15.1 Upd 4"
+ }
+ ]
+ }
+ },
 {
 "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants)",
 "version": {
@@ -79,7 +109,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "All versions >= V7.1"
+ "version_value": "All versions >= V7.1 < V16"
 }
 ]
 }
@@ -206,7 +236,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl. 
SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/6xxx/CVE-2019-6744.json b/2019/6xxx/CVE-2019-6744.json index ce6d755215d..ad46691cc04 100644 
--- a/2019/6xxx/CVE-2019-6744.json
+++ b/2019/6xxx/CVE-2019-6744.json
@@ -1,9 +1,33 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
 "ID": "CVE-2019-6744",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Knox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung"
+ }
+ ]
+ }
+ },
+ "credit": "James dean",
 "data_format": "MITRE",
 "data_type": "CVE",
 "data_version": "4.0",
@@ -11,8 +35,40 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb",
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-515/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-515/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8577.json b/2019/8xxx/CVE-2019-8577.json
index 8a24a0cff89..b05b1ea9902 100644
--- a/2019/8xxx/CVE-2019-8577.json
+++ b/2019/8xxx/CVE-2019-8577.json
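Review bot: The new description string for CVE-2019-6744 carries two wording slips that every feed mirroring the record will inherit: "The specific flaws exists within the the handling" should read `The specific flaw exists within the handling of the lock screen for Secure Folder.` The first added reference, `https://security.samsungmobile.com/securityUpdate.smsb`, looks like the vendor's general bulletin page rather than an entry for this issue, so a reader cannot tell from the record which Samsung update carries the fix; a link to the specific bulletin would be more useful if one exists. The `impact.cvss` object records only a vector string, so consumers that sort on a numeric score have to derive it themselves.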
@@ -134,6 +134,11 @@
 "url": "https://support.apple.com/HT210122",
 "refsource": "MISC",
 "name": "https://support.apple.com/HT210122"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/",
+ "url": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/"
 }
 ]
 },
diff --git a/2019/8xxx/CVE-2019-8598.json b/2019/8xxx/CVE-2019-8598.json
index f3d1e0beab4..535d0c342ef 100644
--- a/2019/8xxx/CVE-2019-8598.json
+++ b/2019/8xxx/CVE-2019-8598.json
@@ -134,6 +134,11 @@
 "url": "https://support.apple.com/HT210122",
 "refsource": "MISC",
 "name": "https://support.apple.com/HT210122"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/",
+ "url": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/"
 }
 ]
 },
diff --git a/2019/8xxx/CVE-2019-8600.json b/2019/8xxx/CVE-2019-8600.json
index e35cae4ff68..70996082e1c 100644
--- a/2019/8xxx/CVE-2019-8600.json
+++ b/2019/8xxx/CVE-2019-8600.json
@@ -134,6 +134,11 @@
 "url": "https://support.apple.com/HT210122",
 "refsource": "MISC",
 "name": "https://support.apple.com/HT210122"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/",
+ "url": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/"
 }
 ]
 },
diff --git a/2019/8xxx/CVE-2019-8602.json b/2019/8xxx/CVE-2019-8602.json
index 7830d79abd1..1cd70db26d4 100644
--- a/2019/8xxx/CVE-2019-8602.json
+++ b/2019/8xxx/CVE-2019-8602.json
@@ -134,6 +134,11 @@
 "url": "https://support.apple.com/HT210122",
 "refsource": "MISC",
 "name": "https://support.apple.com/HT210122"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/",
+ "url": "https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/"
 }
 ]
 },
diff --git a/2019/8xxx/CVE-2019-8705.json b/2019/8xxx/CVE-2019-8705.json
index c7223aa0e93..33996f04e43 100644
--- a/2019/8xxx/CVE-2019-8705.json
+++ b/2019/8xxx/CVE-2019-8705.json
@@ -56,6 +56,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210722",
+ "url": "https://support.apple.com/kb/HT210722"
+ },
 {
 "url": "https://support.apple.com/HT210634",
 "refsource": "MISC",
diff --git a/2019/8xxx/CVE-2019-8717.json b/2019/8xxx/CVE-2019-8717.json
index be82c6193dd..065acb6b5e7 100644
--- a/2019/8xxx/CVE-2019-8717.json
+++ b/2019/8xxx/CVE-2019-8717.json
@@ -56,6 +56,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210722",
+ "url": "https://support.apple.com/kb/HT210722"
+ },
 {
 "url": "https://support.apple.com/HT210634",
 "refsource": "MISC",
diff --git a/2019/8xxx/CVE-2019-8745.json b/2019/8xxx/CVE-2019-8745.json
index fdf09f000d7..8946d7627f3 100644
--- a/2019/8xxx/CVE-2019-8745.json
+++ b/2019/8xxx/CVE-2019-8745.json
@@ -89,6 +89,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210722",
+ "url": "https://support.apple.com/kb/HT210722"
+ },
 {
 "url": "https://support.apple.com/HT210635",
 "refsource": "MISC",
diff --git a/2019/8xxx/CVE-2019-8748.json b/2019/8xxx/CVE-2019-8748.json
index 8bc83b67874..3ca29fdb8ff 100644
--- a/2019/8xxx/CVE-2019-8748.json
+++ b/2019/8xxx/CVE-2019-8748.json
@@ -45,6 +45,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210722",
+ "url": "https://support.apple.com/kb/HT210722"
+ },
 {
 "url": "https://support.apple.com/HT210634",
 "refsource": "MISC",
diff --git a/2019/8xxx/CVE-2019-8772.json b/2019/8xxx/CVE-2019-8772.json
index 18b3999a6e3..7089d57275e 100644
--- a/2019/8xxx/CVE-2019-8772.json
+++ b/2019/8xxx/CVE-2019-8772.json
@@ -45,6 +45,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT210722",
+ "url": "https://support.apple.com/kb/HT210722"
+ },
 {
 "url": "https://support.apple.com/HT210634",
 "refsource": "MISC",
diff --git a/2019/9xxx/CVE-2019-9278.json b/2019/9xxx/CVE-2019-9278.json
index 781d4f8148a..181d62fd597 100644
--- a/2019/9xxx/CVE-2019-9278.json
+++ b/2019/9xxx/CVE-2019-9278.json
@@ -63,6 +63,31 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
 "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4618",
+ "url": "https://www.debian.org/security/2020/dsa-4618"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200210 [SECURITY] [DLA 2100-1] libexif security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200210 [SECURITY] [DSA 4618-1] libexif security update",
+ "url": "https://seclists.org/bugtraq/2020/Feb/9"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/libexif/libexif/issues/26",
+ "url": "https://github.com/libexif/libexif/issues/26"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566",
+ "url": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9494.json b/2019/9xxx/CVE-2019-9494.json
index bc273964e05..9176711b70e 100644
--- a/2019/9xxx/CVE-2019-9494.json
+++ b/2019/9xxx/CVE-2019-9494.json
@@ -118,6 +118,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
 "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0222",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9495.json b/2019/9xxx/CVE-2019-9495.json
index c8533bf730c..52369c8b493 100644
--- a/2019/9xxx/CVE-2019-9495.json
+++ b/2019/9xxx/CVE-2019-9495.json
@@ -115,6 +115,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0222",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9496.json b/2019/9xxx/CVE-2019-9496.json
index e2fa3a1e8d3..37ff8ab93ca 100644
--- a/2019/9xxx/CVE-2019-9496.json
+++ b/2019/9xxx/CVE-2019-9496.json
@@ -110,6 +110,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
 "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0222",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9497.json b/2019/9xxx/CVE-2019-9497.json
index cafc7cc3fef..53b3a0c8202 100644
--- a/2019/9xxx/CVE-2019-9497.json
+++ b/2019/9xxx/CVE-2019-9497.json
@@ -139,6 +139,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0222",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9498.json b/2019/9xxx/CVE-2019-9498.json
index 29abde27c09..3991859b642 100644
--- a/2019/9xxx/CVE-2019-9498.json
+++ b/2019/9xxx/CVE-2019-9498.json
@@ -134,6 +134,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0222",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9499.json b/2019/9xxx/CVE-2019-9499.json
index b2a73458af3..69846dc74c3 100644
--- a/2019/9xxx/CVE-2019-9499.json
+++ b/2019/9xxx/CVE-2019-9499.json
@@ -134,6 +134,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0222",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9512.json b/2019/9xxx/CVE-2019-9512.json
index 79e4263a80d..debad638f37 100644
--- a/2019/9xxx/CVE-2019-9512.json
+++ b/2019/9xxx/CVE-2019-9512.json
@@ -383,6 +383,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:4352",
 "url": "https://access.redhat.com/errata/RHSA-2019:4352"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0406",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0406"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json
index c7560b0137f..5d860daa54a 100644
--- a/2019/9xxx/CVE-2019-9514.json
+++ b/2019/9xxx/CVE-2019-9514.json
@@ -383,6 +383,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:4352",
 "url": "https://access.redhat.com/errata/RHSA-2019:4352"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0406",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0406"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9674.json b/2019/9xxx/CVE-2019-9674.json
index d89e639a638..3447cf71e6d 100644
--- a/2019/9xxx/CVE-2019-9674.json
+++ b/2019/9xxx/CVE-2019-9674.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9674",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.python.org/news/security/",
+ "refsource": "MISC",
+ "name": "https://www.python.org/news/security/"
+ },
+ {
+ "url": "https://github.com/python/cpython/blob/master/Lib/zipfile.py",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/blob/master/Lib/zipfile.py"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.python.org/issue36462",
+ "url": "https://bugs.python.org/issue36462"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.python.org/issue36260",
+ "url": "https://bugs.python.org/issue36260"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb",
+ "url": "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0005.json b/2020/0xxx/CVE-2020-0005.json
new file mode 100644
index 00000000000..2c546044aff
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0005.json
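Review bot: The reference `https://github.com/python/cpython/blob/master/Lib/zipfile.py` added in the CVE-2019-9674 hunk points at a branch head, so the file it shows will drift away from the code the description refers to ("through 3.7.2"); a link pinned to a tag or commit would keep the record reproducible. The `problemtype` value is left as `n/a` even though the description names the weakness (resource consumption via a ZIP bomb), so CWE-based filtering will miss this entry; `CWE-409` or `CWE-400` appears to fit, to be confirmed by the assigner. Together with the `n/a` vendor and product set in the first hunk of this file, the record is only discoverable by free-text search.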
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0005",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141552859"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0014.json b/2020/0xxx/CVE-2020-0014.json
new file mode 100644
index 00000000000..64a54f43a63
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0014.json
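Review bot: The `description` value at the end of the new CVE-2020-0005 file runs the bulletin's metadata fields into the prose with no separators: `exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141552859`. A parser or reader cannot reliably split product, versions and Android bug ID from that string; separating them, e.g. `... for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-141552859`, fixes it without changing content. `vendor_name` is `n/a` although the assigner is security@android.com, and `version_value` packs four releases into one space-separated string instead of one `version_data` entry per release, both of which hinder automated matching against an asset inventory. The same pattern recurs in the other new Android files in this commit (CVE-2020-0014 through CVE-2020-0030).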
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0014",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0015.json b/2020/0xxx/CVE-2020-0015.json
new file mode 100644
index 00000000000..8a2c5877043
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0015.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0015",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139017101"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0017.json b/2020/0xxx/CVE-2020-0017.json
new file mode 100644
index 00000000000..30af3023296
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0017.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0017",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In multiple places, it was possible for the primary user\u2019s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-123232892"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0018.json b/2020/0xxx/CVE-2020-0018.json
new file mode 100644
index 00000000000..241ffdea7d0
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0018.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0018",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0020.json b/2020/0xxx/CVE-2020-0020.json
new file mode 100644
index 00000000000..8e4959b037c
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0020.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0020",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0021.json b/2020/0xxx/CVE-2020-0021.json
new file mode 100644
index 00000000000..bb1b610e8b2
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0021.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0021",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141413692"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0022.json b/2020/0xxx/CVE-2020-0022.json
new file mode 100644
index 00000000000..8bbd714ec38
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0022.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0022",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0023.json b/2020/0xxx/CVE-2020-0023.json
new file mode 100644
index 00000000000..a590a65b9f5
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0023.json
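Review bot: In the new CVE-2020-0022 file, `problemtype` is set to `Denial of service`, but the description in the same file states that the out of bounds write in `reassemble_and_dispatch` "could lead to remote code execution over Bluetooth" with no user interaction. Triage that keys on `problemtype` will rank this entry as an availability issue and may defer the patch; the value should reflect the worst stated impact, e.g. `"value": "Remote code execution"`, or list both impacts if they differ by Android version. The second reference's title also calls it a critical Bluetooth vulnerability, which supports the higher classification.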
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0023",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0026.json b/2020/0xxx/CVE-2020-0026.json
new file mode 100644
index 00000000000..02da6622dbe
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0026.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0026",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140419401"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0027.json b/2020/0xxx/CVE-2020-0027.json
new file mode 100644
index 00000000000..693ca6c066b
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0027.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0027",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144040966"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0028.json b/2020/0xxx/CVE-2020-0028.json
new file mode 100644
index 00000000000..907013e998c
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0028.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0028",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-02-01",
+ "url": "https://source.android.com/security/bulletin/2020-02-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In notifyNetworkTested and related functions of NetworkMonitor.java, there is a possible bypass of private DNS settings. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-122652057"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0030.json b/2020/0xxx/CVE-2020-0030.json
new file mode 100644
index 00000000000..8990fe9686d
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0030.json
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0030", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-02-01", + "url": "https://source.android.com/security/bulletin/2020-02-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernel" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0548.json b/2020/0xxx/CVE-2020-0548.json index a27d03e5d84..c8a1c8d70db 100644 --- a/2020/0xxx/CVE-2020-0548.json +++ b/2020/0xxx/CVE-2020-0548.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200210-0004/", + "url": "https://security.netapp.com/advisory/ntap-20200210-0004/" } ] }, diff --git a/2020/0xxx/CVE-2020-0549.json b/2020/0xxx/CVE-2020-0549.json index 3ddba2166cf..d68cb416eb5 100644 
--- a/2020/0xxx/CVE-2020-0549.json +++ b/2020/0xxx/CVE-2020-0549.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200210-0004/", + "url": "https://security.netapp.com/advisory/ntap-20200210-0004/" } ] }, diff --git a/2020/0xxx/CVE-2020-0560.json b/2020/0xxx/CVE-2020-0560.json new file mode 100644 index 00000000000..0fda69787a5 --- /dev/null +++ b/2020/0xxx/CVE-2020-0560.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0560", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Renesas Electronics(R) USB 3.0 Driver", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00273.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00273.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file 
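Review bot: `"vendor_name": "n/a"` in the new CVE-2020-0560 record drops the vendor even though the product name and the assigner address (`secure@intel.com`) both point to it, so tooling that keys on vendor will not surface this entry. CVE-2020-0561 through CVE-2020-0564 do the same, as do the Android records CVE-2020-0027, CVE-2020-0028 and CVE-2020-0030. Assuming the vendor is the one named in the product string, I would write `"vendor_name": "Intel"` here and fill in the matching vendor in the other records.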
diff --git a/2020/0xxx/CVE-2020-0561.json b/2020/0xxx/CVE-2020-0561.json
new file mode 100644
index 00000000000..da02883948e
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0561.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0561",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) SGX SDK",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before v2.6.100.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0562.json b/2020/0xxx/CVE-2020-0562.json
new file mode 100644
index 00000000000..d4ff29fe1f0
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0562.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0562",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) RWC2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00339.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00339.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0563.json b/2020/0xxx/CVE-2020-0563.json
new file mode 100644
index 00000000000..3e19c0eb11a
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0563.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0563",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) MPSS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 3.8.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00340.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00340.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0564.json b/2020/0xxx/CVE-2020-0564.json
new file mode 100644
index 00000000000..228693e99f8
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0564.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0564",
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel\u00ae RAID Web Console 3 (RWC3) for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 7.010.009.000"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00341.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00341.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0618.json b/2020/0xxx/CVE-2020-0618.json
new file mode 100644
index 00000000000..e3292c0975b
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0618.json
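Review bot: The `product_name` in the CVE-2020-0564 record spells the product `Intel\u00ae RAID Web Console 3 (RWC3) for Windows`, with the registered-mark code point, while the description in the same record and the sibling Intel records added by this commit use the ASCII form `Intel(R)`. A consumer that compares product strings byte-for-byte will treat the two spellings as different products and can miss this entry when searching on the ASCII form. Using one spelling throughout, for example `"product_name": "Intel(R) RAID Web Console 3 (RWC3) for Windows"`, keeps the record consistent with its own description.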
@@ -0,0 +1,118 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0618",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft SQL Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2012 for 32-bit Systems Service Pack 4 (QFE)"
+ },
+ {
+ "version_value": "2012 for x64-based Systems Service Pack 4 (QFE)"
+ },
+ {
+ "version_value": "2016 for x64-based Systems Service Pack 2 (CU)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0655.json b/2020/0xxx/CVE-2020-0655.json
new file mode 100644
index 00000000000..1d5dcb7a707
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0655.json
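Review bot: Five of the six `product_data` entries in the CVE-2020-0618 record carry `"version_value": ""` and fold the release and servicing branch into `product_name`, while the first entry keeps `Microsoft SQL Server` as the product and lists releases as versions, so one record models the same product family in two ways. An empty version string is ambiguous to a consumer, which may read it as "all versions", as "unknown", or skip the entry altogether. I would follow the first entry's shape for the rest, for example `"version_value": "2014 Service Pack 3 for x64-based Systems (GDR)"` under `Microsoft SQL Server`. The Windows records CVE-2020-0655, CVE-2020-0657, CVE-2020-0658, CVE-2020-0659 and CVE-2020-0660 show the same pattern for the 1903 and 1909 builds.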
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A remote code execution vulnerability exists in Remote Desktop Services \u00e2\u20ac\u201c formerly known as Terminal Services \u00e2\u20ac\u201c when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services\u00c2 Remote Code Execution Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0655", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0655" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0657.json b/2020/0xxx/CVE-2020-0657.json new file mode 100644 index 00000000000..55911191446 --- /dev/null +++ b/2020/0xxx/CVE-2020-0657.json 
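Review bot: The `description` value of the CVE-2020-0655 record contains mis-decoded characters: the sequence `\u00e2\u20ac\u201c` is what the three UTF-8 bytes of an en dash look like after being read as Windows-1252, and the stray `\u00c2` before `Remote Code Execution` looks like the first byte of a non-breaking space treated the same way. As written, the text displays as `Services â€“ formerly`, and a search for the advisory title quoted in the description will not match this record. I would store the intended characters directly, `Remote Desktop Services \u2013 formerly known as Terminal Services \u2013 when`, and an ordinary space in `'Remote Desktop Services Remote Code Execution Vulnerability'`. The encoding step in whatever tool produced this file is worth checking, since it is probably not limited to this one record.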
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0657", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0657" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0658.json b/2020/0xxx/CVE-2020-0658.json new file mode 100644 index 00000000000..695ea9273d3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0658.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0658", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0658" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0659.json b/2020/0xxx/CVE-2020-0659.json new file mode 100644 index 00000000000..3338fa41e47 --- /dev/null +++ b/2020/0xxx/CVE-2020-0659.json 
@@ -0,0 +1,200 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { 
+ "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0747." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0659", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0659" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0660.json b/2020/0xxx/CVE-2020-0660.json new file mode 100644 index 00000000000..12bab5c4367 --- /dev/null +++ b/2020/0xxx/CVE-2020-0660.json 
@@ -0,0 +1,221 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0660", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0660" + } + ] + } +} \ No newline at end of file 
diff --git a/2020/0xxx/CVE-2020-0661.json b/2020/0xxx/CVE-2020-0661.json
new file mode 100644
index 00000000000..df655b68429
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0661.json
@@ -0,0 +1,114 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0661",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0661",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0661"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0662.json b/2020/0xxx/CVE-2020-0662.json
new file mode 100644
index 00000000000..93cb6d05b8b
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0662.json
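Review bot: The affected list has `Windows 10 Version 1909 for x64-based Systems` and `Windows Server, version 1903 (Server Core installation)` but no Windows 10 Version 1903 x64 entry, which may be an omission rather than a deliberate exclusion. Anyone using this record to scope Hyper-V hosts for patching would skip 1903 clients. It is worth confirming against the referenced MSRC advisory and, if that build is affected, adding a row for `Windows 10 Version 1903 for x64-based Systems`.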
@@ -0,0 +1,166 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + 
"product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0662", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0662" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0663.json b/2020/0xxx/CVE-2020-0663.json new file mode 100644 index 00000000000..c00a267ade1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0663.json 
@@ -0,0 +1,182 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 
for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0663", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0663" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0665.json b/2020/0xxx/CVE-2020-0665.json new file mode 100644 index 00000000000..e9c0abb9172 --- /dev/null +++ b/2020/0xxx/CVE-2020-0665.json 
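Review bot: The `description_data` value runs two sentences together at `another domain.In a web-based attack scenario`; it should read `another domain. In a web-based attack scenario`. Tools that split descriptions into sentences or index them for search would otherwise treat `domain.In` as one token. The `aka '...'` clause is also attached to the website-hosting sentence rather than to the statement of the flaw, so moving it to the end of the first sentence would match the other records in this commit.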
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0665", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0665" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0666.json b/2020/0xxx/CVE-2020-0666.json new file mode 100644 index 00000000000..b5eea633842 --- /dev/null +++ b/2020/0xxx/CVE-2020-0666.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0666", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0666" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0667.json b/2020/0xxx/CVE-2020-0667.json new file mode 100644 index 00000000000..9081663daf3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0667.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0735, CVE-2020-0752." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0667", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0667" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0668.json b/2020/0xxx/CVE-2020-0668.json new file mode 100644 index 00000000000..a1c25638d27 --- /dev/null +++ b/2020/0xxx/CVE-2020-0668.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0669.json b/2020/0xxx/CVE-2020-0669.json new file mode 100644 index 00000000000..3778fb22479 --- /dev/null +++ b/2020/0xxx/CVE-2020-0669.json 
@@ -0,0 +1,173 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + 
"version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0669", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0669" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0670.json b/2020/0xxx/CVE-2020-0670.json new file mode 100644 index 00000000000..76daeb551ab --- /dev/null +++ b/2020/0xxx/CVE-2020-0670.json 
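Review bot: The 1903 and 1909 builds in this record are modeled as eight separate `product_name` entries with `"version_value": ""`, while the 1803 and 1809 builds sit under the `Windows` and `Windows Server` products with the build in `version_value`. A consumer that matches affected systems on `product_name` plus `version_value` will likely miss the 1903/1909 entries, or read the empty string as "all versions". Folding them into the existing products, e.g. `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows`, would keep one convention per record. The same pattern appears in the CVE-2020-0670, -0671, -0672, -0675 and -0676 hunks, and as `Internet Explorer 11 on Windows 10 Version 1909 ...` entries in CVE-2020-0673 and -0674.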
@@ -0,0 +1,194 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0671, CVE-2020-0672." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0670", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0670" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0671.json b/2020/0xxx/CVE-2020-0671.json new file mode 100644 index 00000000000..93484fb1c33 --- /dev/null +++ b/2020/0xxx/CVE-2020-0671.json 
@@ -0,0 +1,182 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": 
"Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0672." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0671", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0671" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0672.json b/2020/0xxx/CVE-2020-0672.json new file mode 100644 index 00000000000..b8a7acace12 --- /dev/null +++ b/2020/0xxx/CVE-2020-0672.json 
@@ -0,0 +1,182 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": 
"Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0671." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0672", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0672" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0673.json b/2020/0xxx/CVE-2020-0673.json new file mode 100644 index 00000000000..e1a88d81fcf --- /dev/null +++ b/2020/0xxx/CVE-2020-0673.json 
@@ -0,0 +1,218 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + }, + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + 
"version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0674.json b/2020/0xxx/CVE-2020-0674.json new file mode 100644 index 00000000000..4f3dc912162 --- /dev/null +++ b/2020/0xxx/CVE-2020-0674.json 
@@ -0,0 +1,218 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + 
"version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0675.json b/2020/0xxx/CVE-2020-0675.json new file mode 100644 index 00000000000..2fc2e1f3b76 --- /dev/null +++ b/2020/0xxx/CVE-2020-0675.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0675", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0675" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0676.json b/2020/0xxx/CVE-2020-0676.json new file mode 100644 index 00000000000..27132560a92 --- /dev/null +++ b/2020/0xxx/CVE-2020-0676.json 
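Review bot: The `description` value is missing the space after two sentence-ending periods (`memory.To exploit`, `application.The security update`) and closes the advisory text with a stray `., aka`, which suggests several advisory paragraphs were concatenated without separators. Feeds and scanners display and keyword-match this string verbatim, so it should read `... handle objects in memory. To exploit this vulnerability, ...` and `... handles objects in memory, aka 'Windows Key Isolation Service Information Disclosure Vulnerability'.` The CVE-2020-0676 hunk carries the identical text and needs the same correction.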
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0676", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0676" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0677.json b/2020/0xxx/CVE-2020-0677.json new file mode 100644 index 00000000000..6cb7dd1d0c4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0677.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0677", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0677" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0678.json b/2020/0xxx/CVE-2020-0678.json new file mode 100644 index 00000000000..7ac6c8f9463 --- /dev/null +++ b/2020/0xxx/CVE-2020-0678.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0678", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0678" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0679.json b/2020/0xxx/CVE-2020-0679.json new file mode 100644 index 00000000000..dd1a7810e37 --- /dev/null +++ b/2020/0xxx/CVE-2020-0679.json 
@@ -0,0 +1,221 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0680, CVE-2020-0682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0679", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0679" + } + ] + } +} \ No newline at end of file 
diff --git a/2020/0xxx/CVE-2020-0680.json b/2020/0xxx/CVE-2020-0680.json
new file mode 100644
index 00000000000..5d6c399ea3c
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0680.json
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0680", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0680" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0681.json b/2020/0xxx/CVE-2020-0681.json new file mode 100644 index 00000000000..b1a7539655c --- /dev/null +++ b/2020/0xxx/CVE-2020-0681.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0682.json b/2020/0xxx/CVE-2020-0682.json new file mode 100644 index 00000000000..4790c58a3bf --- /dev/null +++ b/2020/0xxx/CVE-2020-0682.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0680." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0682", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0682" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0683.json b/2020/0xxx/CVE-2020-0683.json new file mode 100644 index 00000000000..9e12d34ae90 --- /dev/null +++ b/2020/0xxx/CVE-2020-0683.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0683" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0685.json b/2020/0xxx/CVE-2020-0685.json new file mode 100644 index 00000000000..22cdcf63458 --- /dev/null +++ b/2020/0xxx/CVE-2020-0685.json 
@@ -0,0 +1,182 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": 
"Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0685", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0685" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0686.json b/2020/0xxx/CVE-2020-0686.json new file mode 100644 index 00000000000..cae48d4a041 --- /dev/null +++ b/2020/0xxx/CVE-2020-0686.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0683." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0686", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0686" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0688.json b/2020/0xxx/CVE-2020-0688.json new file mode 100644 index 00000000000..65167843895 --- /dev/null +++ b/2020/0xxx/CVE-2020-0688.json 
@@ -0,0 +1,112 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2013", + "version": { + "version_data": [ + { + "version_value": "Cumulative Update 23" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0689.json b/2020/0xxx/CVE-2020-0689.json new file mode 100644 index 00000000000..41b295cde6b --- /dev/null +++ b/2020/0xxx/CVE-2020-0689.json 
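Review bot: The `product_data` entries in this record encode the same kind of fact in two ways: `"product_name": "Microsoft Exchange Server 2013"` carries `"version_value": "Cumulative Update 23"`, while the 2016, 2019 and 2010 entries fold the update level into `product_name` and leave `"version_value": ""`. A scanner or asset-matching job that keys on product name plus version may read the empty string as "no version information" or skip the entry. I would split them all the same way, e.g. `"product_name": "Microsoft Exchange Server 2016"` with `"version_value": "Cumulative Update 14"`. CVE-2020-0692 repeats this for Exchange, and the Windows records in this commit (CVE-2020-0685, -0686, -0689, -0691, -0698, -0701) do the same for the 1903 and 1909 builds.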
@@ -0,0 +1,221 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in secure boot, aka 'Microsoft Secure Boot Security Feature Bypass Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0689", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0689" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0691.json b/2020/0xxx/CVE-2020-0691.json new file mode 100644 index 00000000000..20bd2adb7da --- /dev/null +++ b/2020/0xxx/CVE-2020-0691.json 
@@ -0,0 +1,211 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0691", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0691" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0692.json b/2020/0xxx/CVE-2020-0692.json new file mode 100644 index 00000000000..d357a3dd44a --- /dev/null +++ b/2020/0xxx/CVE-2020-0692.json 
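Review bot: Windows 10 Version 1903 and Windows Server, version 1903 are absent from `product_data` in this record, although 1809 and 1909 on either side of them are listed. Sibling records in this commit, for example CVE-2020-0698, carry both 1903 and 1909. That may be exactly what the advisory says, but a patch-prioritisation feed will turn a gap like this into "not affected". It is worth confirming against the MSRC advisory linked in `reference_data` before merge. If 1903 is affected, add the four 1903 entries in the same shape as the 1909 ones.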
@@ -0,0 +1,102 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2013", + "version": { + "version_data": [ + { + "version_value": "Cumulative Update 23" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0693.json b/2020/0xxx/CVE-2020-0693.json new file mode 100644 index 00000000000..0e12c98093b --- /dev/null +++ b/2020/0xxx/CVE-2020-0693.json 
@@ -0,0 +1,75 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0693", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0693" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0694.json b/2020/0xxx/CVE-2020-0694.json new file mode 100644 index 00000000000..b91f88e5d62 --- /dev/null +++ b/2020/0xxx/CVE-2020-0694.json 
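Review bot: `problemtype` is `"value": "Spoofing"` while the description calls the flaw a cross-site-scripting (XSS) vulnerability, so anything that classifies or filters records by problemtype will not see this as XSS. "Spoofing" looks like the vendor's impact label rather than a weakness class. I would keep it and add a second entry to the `description` array, such as `{ "lang": "eng", "value": "CWE-79" }`, so both views are available to consumers. CVE-2020-0694 in the next hunk has the same mismatch.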
@@ -0,0 +1,75 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0693." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0694", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0694" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0695.json b/2020/0xxx/CVE-2020-0695.json new file mode 100644 index 00000000000..f917cf86b50 --- /dev/null +++ b/2020/0xxx/CVE-2020-0695.json 
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0695", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0695" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0696.json b/2020/0xxx/CVE-2020-0696.json new file mode 100644 index 00000000000..70504deab0e --- /dev/null +++ b/2020/0xxx/CVE-2020-0696.json 
@@ -0,0 +1,106 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0696", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0696" + } + ] + } +} \ No newline at end of file 
diff --git a/2020/0xxx/CVE-2020-0697.json b/2020/0xxx/CVE-2020-0697.json new file mode 100644 index 00000000000..65e65313336 --- /dev/null +++ b/2020/0xxx/CVE-2020-0697.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0697" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0698.json b/2020/0xxx/CVE-2020-0698.json new file mode 100644 index 00000000000..21db9e25c38 --- /dev/null +++ b/2020/0xxx/CVE-2020-0698.json 
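Review bot: The description string for CVE-2020-0697 runs its sentences together without spaces (`SYSTEM.To exploit`, `corruption.The security update`) and ends with `log file., aka`, which reads like advisory text pasted without cleanup. It also opens with "An elevation of privilege vulnerability" while `problemtype` and the aka name both say Tampering, so consumers get two impact classes from one record. I would restore the sentence spacing, drop the stray `.,` before `aka`, and make the opening sentence and `problemtype` agree on whichever class the linked advisory supports.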
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0698", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0698" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0701.json b/2020/0xxx/CVE-2020-0701.json new file mode 100644 index 00000000000..6fd1b18dda3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0701.json 
@@ -0,0 +1,182 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": 
"Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Client License Service (ClipSVC) handles objects in memory, aka 'Windows Client License Service Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0701", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0701" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0702.json b/2020/0xxx/CVE-2020-0702.json new file mode 100644 index 00000000000..a2170c6b581 --- /dev/null +++ b/2020/0xxx/CVE-2020-0702.json 
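Review bot: The `product_data` array in CVE-2020-0701.json models affected releases in two incompatible ways. Versions 1803, 1809 and 1709 are `version_value` entries under the product "Windows", while 1903 and 1909 are each a separate `product_name` (for example "Windows 10 Version 1903 for 32-bit Systems") with `"version_value": ""`. Tooling that matches an asset inventory on product plus version will not associate the 1903/1909 entries with "Windows", and an empty string is ambiguous between "all versions" and "not stated". I would fold them into the existing lists, e.g. `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under "Windows" and `{ "version_value": "version 1903 (Server Core installation)" }` under "Windows Server". The same empty-version pattern appears in the hunks for CVE-2020-0702 (Surface Hub), -0703, -0704, -0706 (Edge and Internet Explorer 11 entries), -0707 and -0708.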
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Surface Hub", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Surface Hub when prompting for credentials, aka 'Surface Hub Security Feature Bypass Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0702", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0702" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0703.json b/2020/0xxx/CVE-2020-0703.json new file mode 100644 index 00000000000..ca8b6880bfb --- /dev/null +++ b/2020/0xxx/CVE-2020-0703.json 
@@ -0,0 +1,221 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core 
installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0703", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0703" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0704.json b/2020/0xxx/CVE-2020-0704.json new file mode 100644 index 00000000000..9201368696c --- /dev/null +++ b/2020/0xxx/CVE-2020-0704.json 
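Review bot: The description `value` in CVE-2020-0703.json joins two sentences with no space ("improperly handles file operations.To exploit this vulnerability"). This looks like a concatenation artifact, and it trips sentence splitters and keyword extraction in downstream vulnerability feeds. The text should read `...improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ...`. The same missing space after the period is present in the descriptions added for CVE-2020-0704, -0705, -0707 and -0708 in this diff.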
@@ -0,0 +1,200 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { 
+ "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Wireless Network Manager improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Wireless Network Manager Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0704", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0704" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0705.json b/2020/0xxx/CVE-2020-0705.json new file mode 100644 index 00000000000..4d61693cd81 --- /dev/null +++ b/2020/0xxx/CVE-2020-0705.json 
@@ -0,0 +1,171 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0705", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0705" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0706.json b/2020/0xxx/CVE-2020-0706.json new file mode 100644 index 00000000000..7740a233766 --- /dev/null +++ b/2020/0xxx/CVE-2020-0706.json 
@@ -0,0 +1,326 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 
for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + 
"version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0706", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0706" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0707.json b/2020/0xxx/CVE-2020-0707.json new file mode 100644 index 00000000000..db5e8edf4e9 --- /dev/null +++ b/2020/0xxx/CVE-2020-0707.json 
@@ -0,0 +1,221 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows IME improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows IME Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0707", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0707" + } + ] + } +} \ No newline at end of file 
diff --git a/2020/0xxx/CVE-2020-0708.json b/2020/0xxx/CVE-2020-0708.json new file mode 100644 index 00000000000..fe146fd7626 --- /dev/null +++ b/2020/0xxx/CVE-2020-0708.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory., aka 'Windows Imaging Library Remote Code Execution Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0708", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0708" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0709.json b/2020/0xxx/CVE-2020-0709.json new file mode 100644 index 00000000000..bffd2e5f0f0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0709.json 
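Review bot: The CVE-2020-0708 description ends with `handles memory., aka 'Windows Imaging Library Remote Code Execution Vulnerability'`, so the doubled punctuation attaches the "aka" name to the remediation sentence instead of to the vulnerability statement. It is also the only record in view that carries fix text ("The security update addresses the vulnerability by correcting how..."), which describes the patch rather than the flaw. I would end the vulnerability sentence with the name, `...improperly handles memory, aka 'Windows Imaging Library Remote Code Execution Vulnerability'.`, and keep the user-interaction precondition (victim opens a specially crafted file) as a separate, properly spaced sentence. That precondition matters for triage, so it should stay.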
@@ -0,0 +1,84 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0732." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0709", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0709" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0710.json b/2020/0xxx/CVE-2020-0710.json new file mode 100644 index 00000000000..3312067e11f --- /dev/null +++ b/2020/0xxx/CVE-2020-0710.json 
@@ -0,0 +1,252 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code 
execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0710", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0710" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0711.json b/2020/0xxx/CVE-2020-0711.json new file mode 100644 index 00000000000..170c63486a4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0711.json 
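Review bot: All twenty `product_data` entries in the CVE-2020-0710 record carry `"version_value": ""`, and the Windows release and architecture are folded into `product_name` instead (for example `"Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems"`). A consumer that matches affected software on vendor, product and version gets many distinct product names and nothing to compare a version against, so these entries are likely to be missed or to need string parsing. Consider a single product with the platform in the version field, e.g. `"product_name": "Microsoft Edge (EdgeHTML-based)"` with `"version_value": "Windows 10 Version 1803 for 32-bit Systems"`. The CVE-2020-0711, CVE-2020-0712 and CVE-2020-0713 records that follow use the same pattern.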
@@ -0,0 +1,192 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0711", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0711" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0712.json b/2020/0xxx/CVE-2020-0712.json new file mode 100644 index 00000000000..7c97beee802 --- /dev/null +++ b/2020/0xxx/CVE-2020-0712.json 
@@ -0,0 +1,252 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code 
execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0712", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0712" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0713.json b/2020/0xxx/CVE-2020-0713.json new file mode 100644 index 00000000000..7e65a7f387a --- /dev/null +++ b/2020/0xxx/CVE-2020-0713.json 
@@ -0,0 +1,252 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code 
execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0713", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0713" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0714.json b/2020/0xxx/CVE-2020-0714.json new file mode 100644 index 00000000000..174e09b92d9 --- /dev/null +++ b/2020/0xxx/CVE-2020-0714.json 
@@ -0,0 +1,173 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + 
"version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0714", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0714" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0715.json b/2020/0xxx/CVE-2020-0715.json new file mode 100644 index 00000000000..0f33f1114d3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0715.json 
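Review bot: The CVE-2020-0714 record describes affected Windows releases in two different shapes: 1803 and 1809 are `version_value` rows under `"product_name": "Windows"`, while 1903 and 1909 are separate products such as `"Windows 10 Version 1903 for 32-bit Systems"` with `"version_value": ""`. Tooling that keys on product name will treat these as unrelated products and may report only part of the affected range. Keeping one shape, e.g. adding `"version_value": "10 Version 1903 for 32-bit Systems"` under the existing `Windows` entry (and the 1903/1909 Server Core rows under `Windows Server`), would make the list uniform. CVE-2020-0715 and CVE-2020-0717 below mix the two shapes the same way.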
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0745, CVE-2020-0792." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0715", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0715" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0716.json b/2020/0xxx/CVE-2020-0716.json new file mode 100644 index 00000000000..4fb81707a1f --- /dev/null +++ b/2020/0xxx/CVE-2020-0716.json 
@@ -0,0 +1,108 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0716",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0717."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0716",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0716"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0717.json b/2020/0xxx/CVE-2020-0717.json
new file mode 100644
index 00000000000..17e903606ba
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0717.json
@@ -0,0 +1,182 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": 
"Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0716." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0717", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0717" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0719.json b/2020/0xxx/CVE-2020-0719.json new file mode 100644 index 00000000000..a552b63530e --- /dev/null +++ b/2020/0xxx/CVE-2020-0719.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0719", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0719" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0720.json b/2020/0xxx/CVE-2020-0720.json new file mode 100644 index 00000000000..90688bf94c5 --- /dev/null +++ b/2020/0xxx/CVE-2020-0720.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0720", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0720" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0721.json b/2020/0xxx/CVE-2020-0721.json new file mode 100644 index 00000000000..07c828ded44 --- /dev/null +++ b/2020/0xxx/CVE-2020-0721.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0721", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0721" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0722.json b/2020/0xxx/CVE-2020-0722.json new file mode 100644 index 00000000000..502e08b5bdf --- /dev/null +++ b/2020/0xxx/CVE-2020-0722.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0722", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0722" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0723.json b/2020/0xxx/CVE-2020-0723.json new file mode 100644 index 00000000000..bd5b6860f1d --- /dev/null +++ b/2020/0xxx/CVE-2020-0723.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0723", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0723" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0724.json b/2020/0xxx/CVE-2020-0724.json new file mode 100644 index 00000000000..ec04118dc3f --- /dev/null +++ b/2020/0xxx/CVE-2020-0724.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0724", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0724" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0725.json b/2020/0xxx/CVE-2020-0725.json new file mode 100644 index 00000000000..18a8407af4e --- /dev/null +++ b/2020/0xxx/CVE-2020-0725.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0726, CVE-2020-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0725", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0725" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0726.json b/2020/0xxx/CVE-2020-0726.json new file mode 100644 index 00000000000..c604b143cf6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0726.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0731."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0726",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0726"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0727.json b/2020/0xxx/CVE-2020-0727.json
new file mode 100644
index 00000000000..214748bfec8
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0727.json
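Review bot: The 1903 and 1909 builds in CVE-2020-0726.json are modelled as eight separate `product_name` entries with `"version_value": ""`, while every other build in the same record is a `version_value` under `Windows` or `Windows Server`. A consumer that matches on product name plus version will likely treat these as unknown products with no affected version, so 1903/1909 hosts can drop out of exposure reports built from this record. I would fold them into the existing products, for example `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows` and `{ "version_value": "version 1903 (Server Core installation)" }` under `Windows Server`. The same pattern appears in the CVE-2020-0727, -0728, -0729, -0730 and -0731 hunks.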
@@ -0,0 +1,200 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { 
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0727",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0727"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0728.json b/2020/0xxx/CVE-2020-0728.json
new file mode 100644
index 00000000000..95c0cb419e5
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0728.json
@@ -0,0 +1,199 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + 
"version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20200216 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
+ "url": "https://seclists.org/bugtraq/2020/Feb/21"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0729.json b/2020/0xxx/CVE-2020-0729.json
new file mode 100644
index 00000000000..515ca1f9eb8
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0729.json
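Review bot: The description in CVE-2020-0728.json opens with `An information vulnerability exists`, which drops the word that names the impact. The `problemtype` value in the same record and the quoted advisory title both say Information Disclosure, so the description is the odd one out. I would change the opening to `An information disclosure vulnerability exists when Windows Modules Installer Service improperly discloses file information`, so that keyword triage on the description agrees with the problem type.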
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0729",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0729"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0730.json b/2020/0xxx/CVE-2020-0730.json
new file mode 100644
index 00000000000..416e3f48998
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0730.json
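Review bot: The description in CVE-2020-0729.json runs two sentences together at `is processed.An attacker`, with no space after the full stop. Sentence splitters and keyword indexers that tokenize on whitespace will see `processed.An` as one token, and the text reads as a copy error when it is surfaced in scanner reports. The fix is `is processed. An attacker`. The same defect is in CVE-2020-0733.json at `handles junctions.To exploit`.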
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0730",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0730"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0731.json b/2020/0xxx/CVE-2020-0731.json
new file mode 100644
index 00000000000..6032041d025
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0731.json
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0731",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0731"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0732.json b/2020/0xxx/CVE-2020-0732.json
new file mode 100644
index 00000000000..0e021fa6406
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0732.json
@@ -0,0 +1,84 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0732",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0709."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0732",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0732"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0733.json b/2020/0xxx/CVE-2020-0733.json
new file mode 100644
index 00000000000..41dd59cd10a
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0733.json
@@ -0,0 +1,72 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0733",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows Malicious Software Removal Tool 32-bit",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Malicious Software Removal Tool 64-bit",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0733",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0733"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0734.json b/2020/0xxx/CVE-2020-0734.json
new file mode 100644
index 00000000000..323dfea3069
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0734.json
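Review bot: Both Malicious Software Removal Tool products in CVE-2020-0733.json carry `"version_value": ""`, so the record gives no affected or fixed version anywhere. Because the tool is versioned separately from the operating system, an inventory check cannot tell a remediated copy from a vulnerable one using this record alone. If the linked advisory states the first fixed release, it belongs in `version_value`; if the affected range really is unspecified, an explicit `"version_value": "n/a"` is clearer to consumers than an empty string.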
@@ -0,0 +1,236 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0734",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0735.json b/2020/0xxx/CVE-2020-0735.json
new file mode 100644
index 00000000000..cd3c5b69c30
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0735.json
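Review bot: The Windows 10 1903/1909 and Windows Server 1903/1909 builds in the CVE-2020-0734 record are added as eight separate `product_name` entries with `"version_value": ""`, while every other build is a `version_value` under `"product_name": "Windows"` or `"Windows Server"`. A consumer that reads affected versions from the `Windows` and `Windows Server` products will not see 1903 or 1909 as affected, which matters when this data drives patch prioritisation for a remote code execution issue. Folding them into the existing arrays, for example `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows` and `{ "version_value": "version 1903 (Server Core installation)" }` under `Windows Server`, would keep one shape per record. The same pattern appears in the CVE-2020-0735, CVE-2020-0737, CVE-2020-0738, CVE-2020-0739, CVE-2020-0740 and CVE-2020-0741 hunks.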
@@ -0,0 +1,251 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0735",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 for Itanium-Based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0752."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0735",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0735"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0736.json b/2020/0xxx/CVE-2020-0736.json
new file mode 100644
index 00000000000..805e9c2f49c
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0736.json
@@ -0,0 +1,96 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0736",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 for Itanium-Based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0736",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0736"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0737.json b/2020/0xxx/CVE-2020-0737.json
new file mode 100644
index 00000000000..f511bb7cf93
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0737.json
@@ -0,0 +1,251 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0737",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 for Itanium-Based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2"
+ },
+ {
+ "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0739."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0737",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0737"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0738.json b/2020/0xxx/CVE-2020-0738.json
new file mode 100644
index 00000000000..40a681de27c
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0738.json
@@ -0,0 +1,236 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0738",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "7 for 32-bit Systems Service Pack 1"
+ },
+ {
+ "version_value": "7 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "8.1 for 32-bit systems"
+ },
+ {
+ "version_value": "8.1 for x64-based systems"
+ },
+ {
+ "version_value": "RT 8.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ },
+ {
+ "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1"
+ },
+ {
+ "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
+ },
+ {
+ "version_value": "2012"
+ },
+ {
+ "version_value": "2012 (Core installation)"
+ },
+ {
+ "version_value": "2012 R2"
+ },
+ {
+ "version_value": "2012 R2 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0738",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0738"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0739.json b/2020/0xxx/CVE-2020-0739.json
new file mode 100644
index 00000000000..279de04cef2
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0739.json
@@ -0,0 +1,200 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0739",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1607 for x64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ },
+ {
+ "version_value": "2016"
+ },
+ {
+ "version_value": "2016 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0737."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0739",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0739"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0740.json b/2020/0xxx/CVE-2020-0740.json
new file mode 100644
index 00000000000..71c78e69a85
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0740.json
@@ -0,0 +1,182 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0740",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0740",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0740"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0741.json b/2020/0xxx/CVE-2020-0741.json
new file mode 100644
index 00000000000..c0921ac5156
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0741.json
@@ -0,0 +1,182 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2020-0741",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1803 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "10 Version 1709 for ARM64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1803 (Core Installation)"
+ },
+ {
+ "version_value": "2019"
+ },
+ {
+ "version_value": "2019 (Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1903 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for 32-bit Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for x64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server, version 1909 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ""
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0741",
+ "refsource": "MISC",
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0741"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0742.json b/2020/0xxx/CVE-2020-0742.json
new file mode 100644
index 00000000000..224918248f5
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0742.json
@@ -0,0 +1,200 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { 
+ "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0742", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0742" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0743.json b/2020/0xxx/CVE-2020-0743.json new file mode 100644 index 00000000000..5fec143680b --- /dev/null +++ b/2020/0xxx/CVE-2020-0743.json 
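Review bot: The `affects` tree in the CVE-2020-0742 record models affected Windows releases in two incompatible ways. Older builds are `version_value` entries under `"product_name": "Windows"` or `"Windows Server"`, while the 1903 and 1909 builds are separate products such as `"product_name": "Windows 10 Version 1903 for 32-bit Systems"` with `"version_value": ""`. A consumer that matches on the product name or skips empty versions would presumably miss the 1903/1909 builds when deciding patch scope. I would fold them into the existing products, e.g. `{ "version_value": "10 Version 1903 for 32-bit Systems" }` under `Windows` and `{ "version_value": "version 1903 (Server Core installation)" }` under `Windows Server`. The same pattern appears in the CVE-2020-0741 and CVE-2020-0743 through CVE-2020-0750 hunks.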
@@ -0,0 +1,194 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0749, CVE-2020-0750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0743", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0743" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0744.json b/2020/0xxx/CVE-2020-0744.json new file mode 100644 index 00000000000..f3fd8901f1d --- /dev/null +++ b/2020/0xxx/CVE-2020-0744.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0744", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0744" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0745.json b/2020/0xxx/CVE-2020-0745.json new file mode 100644 index 00000000000..9e5424a9780 --- /dev/null +++ b/2020/0xxx/CVE-2020-0745.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0792." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0745", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0745" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0746.json b/2020/0xxx/CVE-2020-0746.json new file mode 100644 index 00000000000..2fab8f85fe8 --- /dev/null +++ b/2020/0xxx/CVE-2020-0746.json 
@@ -0,0 +1,173 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + 
"version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0746", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0746" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0747.json b/2020/0xxx/CVE-2020-0747.json new file mode 100644 index 00000000000..6c047800a8c --- /dev/null +++ b/2020/0xxx/CVE-2020-0747.json 
@@ -0,0 +1,200 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { 
+ "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0659." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0747", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0747" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0748.json b/2020/0xxx/CVE-2020-0748.json new file mode 100644 index 00000000000..b6f777678d7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0748.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0755, CVE-2020-0756." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0748", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0748" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0749.json b/2020/0xxx/CVE-2020-0749.json new file mode 100644 index 00000000000..eaffa4179af --- /dev/null +++ b/2020/0xxx/CVE-2020-0749.json 
@@ -0,0 +1,200 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { 
+ "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0749", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0749" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0750.json b/2020/0xxx/CVE-2020-0750.json new file mode 100644 index 00000000000..228ba6af381 --- /dev/null +++ b/2020/0xxx/CVE-2020-0750.json 
@@ -0,0 +1,194 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + 
"version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0750", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0750" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0751.json b/2020/0xxx/CVE-2020-0751.json new file mode 100644 index 00000000000..6929e8bd539 --- /dev/null +++ b/2020/0xxx/CVE-2020-0751.json 
@@ -0,0 +1,92 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0661." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0751", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0751" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0752.json b/2020/0xxx/CVE-2020-0752.json new file mode 100644 index 00000000000..faa37c10809 --- /dev/null +++ b/2020/0xxx/CVE-2020-0752.json 
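Review bot: The `description_data` value in CVE-2020-0751 runs its sentences together: there is no space after the full stop in `guest operating system.To exploit` and `crafted application.The security update`, and the advisory text ends in `requests., aka`. Text search and sentence splitting in downstream advisory tooling will likely treat `system.To` and `application.The` as single tokens, and the stray `.,` reads like a truncation. I would write `... on a guest operating system. To exploit the vulnerability, ...`, `... specially crafted application. The security update ...` and `... fail to handle these requests, aka 'Windows Hyper-V Denial of Service Vulnerability'.` The descriptions of CVE-2020-0755 and CVE-2020-0756 have the same defect (`in memory.To exploit`, `application.The security update`, `in memory., aka`).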
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0752", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0752" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0753.json b/2020/0xxx/CVE-2020-0753.json new file mode 100644 index 00000000000..6e42550af65 --- /dev/null +++ b/2020/0xxx/CVE-2020-0753.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0754." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0753", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0753" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0754.json b/2020/0xxx/CVE-2020-0754.json new file mode 100644 index 00000000000..6ff58036c53 --- /dev/null +++ b/2020/0xxx/CVE-2020-0754.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0754", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0754" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0755.json b/2020/0xxx/CVE-2020-0755.json new file mode 100644 index 00000000000..8278201017a --- /dev/null +++ b/2020/0xxx/CVE-2020-0755.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0755", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0755" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0756.json b/2020/0xxx/CVE-2020-0756.json new file mode 100644 index 00000000000..eb1bbd26b70 --- /dev/null +++ b/2020/0xxx/CVE-2020-0756.json 
@@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": 
"2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0756", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0756" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0757.json b/2020/0xxx/CVE-2020-0757.json new file mode 100644 index 00000000000..8ac2a859f9c --- /dev/null +++ b/2020/0xxx/CVE-2020-0757.json 
@@ -0,0 +1,161 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + 
} + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0757", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0757" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0759.json b/2020/0xxx/CVE-2020-0759.json new file mode 100644 index 00000000000..611411581d7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0759.json 
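Review bot: The affected-product list in this new CVE-2020-0757 record mixes two conventions. The Windows 10 1903/1909 and Windows Server 1903/1909 entries put the whole product string in `product_name` and leave `"version_value": ""`, while the 1809 and Server 2019 entries use `"product_name": "Windows"` or `"Windows Server"` with the release in `version_value`. A consumer that matches on product plus version gets an empty version for the newer releases, so a scanner can miss or over-match those hosts. Modelling them like the 1809 entries, for example `"version_value": "10 Version 1909 for x64-based Systems"` under `"product_name": "Windows"`, keeps the record uniform. The same empty `version_value` pattern appears throughout the new CVE-2020-0767 and CVE-2020-0792 records in this commit.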
@@ -0,0 +1,112 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0759", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0759" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0767.json b/2020/0xxx/CVE-2020-0767.json new file mode 100644 index 00000000000..27778d53ff2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0767.json 
@@ -0,0 +1,272 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + 
"version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + 
}, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0767", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0767" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0792.json b/2020/0xxx/CVE-2020-0792.json new file mode 100644 index 00000000000..567723e9ee0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0792.json 
@@ -0,0 +1,132 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0745." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0792", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0792" + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1692.json b/2020/1xxx/CVE-2020-1692.json index dea444cf3bd..382be504d91 100644 --- a/2020/1xxx/CVE-2020-1692.json +++ b/2020/1xxx/CVE-2020-1692.json 
@@ -4,15 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1692",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psampaio@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Moodle Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.7.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Moodle before version 3.7.2 is vulnerable information exposure of service tokens for users enroled in the same course."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "8.1/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
-}
\ No newline at end of file
+}
diff --git a/2020/1xxx/CVE-2020-1697.json b/2020/1xxx/CVE-2020-1697.json
index ad41dcbb8ff..1d70b2c0185 100644
--- a/2020/1xxx/CVE-2020-1697.json
+++ b/2020/1xxx/CVE-2020-1697.json
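Review bot: The new `CVE_data_meta` removes `"STATE": "RESERVED"` without adding a replacement, so this populated record carries no state at all; add `"STATE": "PUBLIC"` after `ASSIGNER`, as the CVE-2020-1697 hunk does. The `impact.cvss` block is also hard to consume: the base score is prefixed to the vector (`"8.1/CVSS:3.1/AV:N/..."`), `"version": "3.0"` disagrees with the `CVSS:3.1` prefix, and the object sits inside a doubly nested array. Using `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"` with `"version": "3.1"` and the score in a `baseScore` field, as the CVE-2020-1768 record does, would parse cleanly. The same CVSS shape recurs in the CVE-2020-1697, -1700, -1708, -1711 and -1726 hunks. Separately, `version_value` is `3.7.2` while the description says "before version 3.7.2", and the description reads as an information exposure while `problemtype` is CWE-352, so one side of each pair probably needs correcting.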
@@ -4,15 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "keycloak", + "version": { + "version_data": [ + { + "version_value": "All versions before 9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1700.json b/2020/1xxx/CVE-2020-1700.json index 179ce3f82b1..5c88cf0020b 100644 --- a/2020/1xxx/CVE-2020-1700.json +++ b/2020/1xxx/CVE-2020-1700.json 
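Review bot: The vector in `impact.cvss` carries `PR:N`, but the description says "An authed malicious user could create URLs", which reads as an attack that needs at least low privileges. If only an authenticated user can set the admin-console link, `PR:L` with a recomputed score would match the text. Otherwise the description should drop "authed". This is worth confirming against the referenced Red Hat bug, since consumers prioritise on this value.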
@@ -4,15 +4,77 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "ceph", + "version": { + "version_data": [ + { + "version_value": "14.2.4-125.el8cp" + }, + { + "version_value": "14.2.4-51.el7cp" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700", + "refsource": "CONFIRM" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0187", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file 
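Review bot: `"vendor_name": "[UNKNOWN]"` is a placeholder left in a PUBLIC record for ceph, so vendor-keyed lookups will not find it. The two `version_value` entries (`14.2.4-125.el8cp`, `14.2.4-51.el7cp`) look like package builds, and nothing in the record says whether they are the affected or the fixed builds. Stating the relation in the value, as the keycloak record does with "All versions before 9.0.0", would remove that ambiguity for anyone mapping this to installed packages.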
diff --git a/2020/1xxx/CVE-2020-1708.json b/2020/1xxx/CVE-2020-1708.json
index dd5c3644855..19ccaf3b818 100644
--- a/2020/1xxx/CVE-2020-1708.json
+++ b/2020/1xxx/CVE-2020-1708.json
@@ -4,15 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "openshift/mysql-apb", + "version": { + "version_data": [ + { + "version_value": "openshift-enterprise version 3.11" + }, + { + "version_value": "from openshift-enterprise version 4.1 to, including 4.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1711.json b/2020/1xxx/CVE-2020-1711.json index b1a4008522f..f92e6a5c89e 100644 --- a/2020/1xxx/CVE-2020-1711.json 
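Review bot: The second `version_value`, `"from openshift-enterprise version 4.1 to, including 4.3"`, is a free-text range that tools cannot compare against an installed version. Both values also name openshift-enterprise while `product_name` is `openshift/mysql-apb`. Expressing the bound with the structured form used in the CVE-2020-1768 hunk (`"version_affected": "<="` with `"version_value": "4.3"`) would make the range machine-readable. It would also help to say in the record which of the two product names the versions belong to.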
+++ b/2020/1xxx/CVE-2020-1711.json 
@@ -4,15 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "All qemu versions 2.12.0 before 4.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711", + "refsource": "CONFIRM" + }, + { + "url": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html", + "refsource": "MISC" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/23/3", + "name": "https://www.openwall.com/lists/oss-security/2020/01/23/3", + "refsource": "MISC" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host." 
} ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.7/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1726.json b/2020/1xxx/CVE-2020-1726.json index c90c891ddf6..5e89bb5103c 100644 --- a/2020/1xxx/CVE-2020-1726.json +++ b/2020/1xxx/CVE-2020-1726.json 
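Review bot: The description expands LBA as "Logical Address Block", but the term is Logical Block Address, and the wrong expansion will be copied into every feed that mirrors this text. The `version_value` "All qemu versions 2.12.0 before 4.2.1" and the matching phrase in the description leave it unclear whether 2.12.0 is the inclusive lower bound. Wording such as "from 2.12.0 up to, but not including, 4.2.1" (if that is what is meant) would settle it.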
@@ -4,15 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The ", + "product": { + "product_data": [ + { + "product_name": "podman", + "version": { + "version_data": [ + { + "version_value": "from 1.6.0 onwards" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1768.json b/2020/1xxx/CVE-2020-1768.json index c6723372804..1afaefb6e92 100644 --- a/2020/1xxx/CVE-2020-1768.json +++ b/2020/1xxx/CVE-2020-1768.json 
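Review bot: `"vendor_name": "The "` looks truncated (a trailing space and no vendor), so the podman entry cannot be matched by vendor. The description also runs two sentences together at "volume.This issue". Fill in the vendor string and add the missing space. The `version_value` "from 1.6.0 onwards" gives no upper bound, which is worth revisiting once a fixed release is known.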
@@ -1,18 +1,98 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@otrs.com", + "DATE_PUBLIC": "2020-02-07T00:00:00.000Z", "ID": "CVE-2020-1768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "External Interface does not invalidate session" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.0.x", + "version_value": "7.0.14" + } + ] + } + } + ] + }, + "vendor_name": "OTRS AG" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/", + "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to OTRS 7.0.15" + } + ], + "source": { + "advisory": "OSA-2020-04", + "defect": [ + "2020011342001517" + ], + "discovery": "USER" } } \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1930.json b/2020/1xxx/CVE-2020-1930.json index 3e7e66840a1..bcd40ad978b 100644 --- a/2020/1xxx/CVE-2020-1930.json +++ b/2020/1xxx/CVE-2020-1930.json 
@@ -63,6 +63,26 @@ "refsource": "BUGTRAQ", "name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update", "url": "https://seclists.org/bugtraq/2020/Feb/1" + }, + { + "refsource": "UBUNTU", + "name": "USN-4265-1", + "url": "https://usn.ubuntu.com/4265-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4265-2", + "url": "https://usn.ubuntu.com/4265-2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-24dac7d890", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-bd20036cdc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/" } ] }, diff --git a/2020/1xxx/CVE-2020-1931.json b/2020/1xxx/CVE-2020-1931.json index 0aa7040fcaa..a034218fad7 100644 --- a/2020/1xxx/CVE-2020-1931.json +++ b/2020/1xxx/CVE-2020-1931.json @@ -58,6 +58,26 @@ "refsource": "BUGTRAQ", "name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update", "url": "https://seclists.org/bugtraq/2020/Feb/1" + }, + { + "refsource": "UBUNTU", + "name": "USN-4265-1", + "url": "https://usn.ubuntu.com/4265-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4265-2", + "url": "https://usn.ubuntu.com/4265-2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-24dac7d890", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-bd20036cdc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/" } ] }, diff --git a/2020/1xxx/CVE-2020-1940.json b/2020/1xxx/CVE-2020-1940.json index 771247406ca..af7df2faf04 100644 --- a/2020/1xxx/CVE-2020-1940.json +++ b/2020/1xxx/CVE-2020-1940.json 
@@ -83,6 +83,16 @@ "refsource": "MLIST", "name": "[jackrabbit-oak-commits] 20200129 svn commit: r1873303 - /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/reports.md", "url": "https://lists.apache.org/thread.html/r601637e38ee743e845856a4e24915cb8db26ae80ca782bef91989cbc@%3Coak-commits.jackrabbit.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[jackrabbit-oak-commits] 20200205 svn commit: r1873622 - /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/reports.md", + "url": "https://lists.apache.org/thread.html/rc35a57ecdeae342d46f729d6bc9750ba860c101f450cc171798dba28@%3Coak-commits.jackrabbit.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[jackrabbit-commits] 20200206 svn commit: r1873705 [4/5] - in /jackrabbit/site/live/oak/docs: ./ META-INF/ architecture/ coldstandby/ features/ nodestore/ nodestore/document/ nodestore/segment/ oak_api/ plugins/ query/ security/ security/accesscontrol/ security/authentication/ secu...", + "url": "https://lists.apache.org/thread.html/rbef4701b5ce4d827182e70ad7b4d987a9157682ba3643e05a9ef5a7b@%3Ccommits.jackrabbit.apache.org%3E" } ] }, diff --git a/2020/1xxx/CVE-2020-1942.json b/2020/1xxx/CVE-2020-1942.json index e5982b67d97..daf7613dd77 100644 --- a/2020/1xxx/CVE-2020-1942.json +++ b/2020/1xxx/CVE-2020-1942.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 0.0.1 to 1.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nifi.apache.org/security.html#CVE-2020-1942", + "url": "https://nifi.apache.org/security.html#CVE-2020-1942" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext." } ] } diff --git a/2020/1xxx/CVE-2020-1975.json b/2020/1xxx/CVE-2020-1975.json index c42da4b8a61..f932fdb5461 100644 --- a/2020/1xxx/CVE-2020-1975.json +++ b/2020/1xxx/CVE-2020-1975.json 
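Review bot: `"vendor_name": "n/a"` is set for a product named "Apache NiFi" in a record assigned by security@apache.org, so vendor-based matching will miss it. An explicit vendor string (presumably the Apache Software Foundation) would fix that. The record also adds no `impact` block, unlike the Red Hat and OTRS entries in this commit, so consumers get no severity for an issue the description says can print sensitive property values in plaintext.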
@@ -1,18 +1,140 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@paloaltonetworks.com",
+ "DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
 "ID": "CVE-2020-1975",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Missing XML Validation in PAN-OS Web Interface"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PAN-OS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "!",
+ "version_name": "7.1",
+ "version_value": "7.1.*"
+ },
+ {
+ "version_affected": "!",
+ "version_name": "8.0",
+ "version_value": "8.0.*"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.1",
+ "version_value": "8.1.12"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "9.0",
+ "version_value": "9.0.6"
+ },
+ {
+ "version_affected": "!>=",
+ "version_name": "8.1",
+ "version_value": "8.1.12"
+ },
+ {
+ "version_affected": "!>=",
+ "version_name": "9.0",
+ "version_value": "9.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Palo Alto Networks"
+ }
+ ]
+ }
+ },
+ "configuration": [
+ {
+ "lang": "eng",
+ "value": "This issue requires that the web-based management interface is enabled on the hardware or virtual appliance."
+ }
+ ],
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This issue was found during a security assessment performed by a customer."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-112 Missing XML Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.paloaltonetworks.com/CVE-2020-1975",
+ "name": "https://security.paloaltonetworks.com/CVE-2020-1975"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "This issue is fixed in PAN-OS 8.1.12, PAN-OS 9.0.6, and all later versions.\n"
+ }
+ ],
+ "source": {
+ "defect": [
+ "PAN-124593"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "This issue affects the web-based management interface of the appliance. Access to the web-based management interface of the appliance should be limited strictly to only trusted users, hosts, and networks.\n"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1976.json b/2020/1xxx/CVE-2020-1976.json
index 4d475bd252e..e9c19dd5020 100644
--- a/2020/1xxx/CVE-2020-1976.json
+++ b/2020/1xxx/CVE-2020-1976.json
@@ -1,18 +1,116 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@paloaltonetworks.com",
+ "DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
 "ID": "CVE-2020-1976",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability."
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GlobalProtect",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Mac OS",
+ "version_affected": "<=",
+ "version_name": "5.0",
+ "version_value": "5.0.5"
+ },
+ {
+ "platform": "Mac OS",
+ "version_affected": "!>=",
+ "version_name": "5.0",
+ "version_value": "5.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Palo Alto Networks"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This issue was discovered during a security test performed in collaboration with IOActive."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-642 External Control of Critical State Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.paloaltonetworks.com/CVE-2020-1976",
+ "name": "https://security.paloaltonetworks.com/CVE-2020-1976"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions.\n"
+ }
+ ],
+ "source": {
+ "defect": [
+ "GPC-9616"
+ ],
+ "discovery": "INTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1977.json b/2020/1xxx/CVE-2020-1977.json
index 4acfda276bb..c0dc3b23593 100644
--- a/2020/1xxx/CVE-2020-1977.json
+++ b/2020/1xxx/CVE-2020-1977.json
@@ -1,18 +1,114 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@paloaltonetworks.com",
+ "DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
 "ID": "CVE-2020-1977",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Expedition Migration Tool: Insufficient Cross Site Request Forgery protection."
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Expedition",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.1",
+ "version_value": "1.1.51"
+ },
+ {
+ "version_affected": "!>=",
+ "version_name": "1.1",
+ "version_value": "1.1.52"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Palo Alto Networks"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Palo Alto Networks thanks Jimi Sebree of Tenable Research for discovering and responsibly reporting this issue."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.paloaltonetworks.com/CVE-2020-1977",
+ "name": "https://security.paloaltonetworks.com/CVE-2020-1977"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "This issue is fixed in Expedition Migration Tool 1.1.52 and later versions."
+ }
+ ],
+ "source": {
+ "defect": [
+ "MT-1593"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "To prevent the chance of malicious websites making forged requests to Expedition Migration Tool, you should access the tool exclusively from a web browser and log out after each use."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2109.json b/2020/2xxx/CVE-2020-2109.json
index 0e9879c4173..92a4fe11fb2 100644
--- a/2020/2xxx/CVE-2020-2109.json
+++ b/2020/2xxx/CVE-2020-2109.json
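Review bot: The `work_around` value added at the end of this hunk does not describe a mitigation as written: it tells users to "access the tool exclusively from a web browser", but a forged cross-site request is delivered through the administrator's browser, so using a browser is the precondition rather than the defence. The sentence presumably means a browser or browser profile used only for Expedition, with no other sites open while logged in; if that is the intent, the text should say so, for example `access the tool from a web browser or browser profile used only for that purpose, and log out after each use`. The description also abbreviates the weakness as XSRF while `problemtype` uses CSRF; one spelling throughout would make the record easier to search.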
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2109",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Pipeline: Groovy Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.78",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-265"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2110.json b/2020/2xxx/CVE-2020-2110.json
index 3bdcc3424f2..96081ff9ccd 100644
--- a/2020/2xxx/CVE-2020-2110.json
+++ b/2020/2xxx/CVE-2020-2110.json
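Review bot: `problemtype` is written as the bare identifier `"value": "CWE-265"` here and again in the CVE-2020-2110 hunk, while the other Jenkins records in this commit use the `CWE-nnn: Name` form, for example `"CWE-611: Improper Restriction of XML External Entity Reference"`. A reader or a tool keyed on the string gets no weakness name for the two sandbox-bypass records. Suggest `"value": "CWE-265: Privilege Issues"` for consistency. CWE lists 265 as a category rather than a weakness entry, so a more specific sandbox-related CWE would be preferable if the CNA can name one.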
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2110",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Script Security Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.69",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-265"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2111.json b/2020/2xxx/CVE-2020-2111.json
index 31897d8630f..4754bf7a1e6 100644
--- a/2020/2xxx/CVE-2020-2111.json
+++ b/2020/2xxx/CVE-2020-2111.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2111",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Subversion Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.13.0",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2112.json b/2020/2xxx/CVE-2020-2112.json
index 350e83c0abc..0022520e23e 100644
--- a/2020/2xxx/CVE-2020-2112.json
+++ b/2020/2xxx/CVE-2020-2112.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2112",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Git Parameter Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.9.4",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "0.9.11",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2113.json b/2020/2xxx/CVE-2020-2113.json
index 11bcad080dc..aa9e5fb048e 100644
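Review bot: `version_data` carries two separate entries, `"version_affected": ">="` with `0.9.4` and `"version_affected": "<="` with `0.9.11`, and nothing in the record says they bound a single range. A consumer that evaluates each entry on its own reads `>= 0.9.4` as covering every later release, fixed ones included, while the description says "0.9.11 and earlier" with no lower bound, so the data and the text disagree about releases before 0.9.4. The CVE-2020-2113 hunk has the same pair. Either drop the `>=` entry so the data matches the description, or state the lower bound in the description too, e.g. "Jenkins Git Parameter Plugin 0.9.4 through 0.9.11".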
--- a/2020/2xxx/CVE-2020-2113.json
+++ b/2020/2xxx/CVE-2020-2113.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2113",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Git Parameter Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.9.4",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "0.9.11",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2114.json b/2020/2xxx/CVE-2020-2114.json
index b1c290e5abc..a2bef4ed2be 100644
--- a/2020/2xxx/CVE-2020-2114.json
+++ b/2020/2xxx/CVE-2020-2114.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2114",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins S3 publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.11.4",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-319: Cleartext Transmission of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
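Review bot: The weakness class in `problemtype` does not agree with the CVE-2020-2119 hunk later in this diff, although both descriptions use the same wording ("transmits configured credentials in plain text as part of the global Jenkins configuration form"): this record is tagged `CWE-319: Cleartext Transmission of Sensitive Information` and CVE-2020-2119 is tagged `CWE-256: Unprotected Storage of Credentials`. Anyone triaging by CWE would treat one as exposure in transit and the other as exposure at rest, and would check different things for each. Going by the shared description, `"value": "CWE-319: Cleartext Transmission of Sensitive Information"` in CVE-2020-2119 looks like the consistent choice; if the issue there really is unencrypted storage, its description should say so instead.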
diff --git a/2020/2xxx/CVE-2020-2115.json b/2020/2xxx/CVE-2020-2115.json
index d609e53277b..30cfbb3118b 100644
--- a/2020/2xxx/CVE-2020-2115.json
+++ b/2020/2xxx/CVE-2020-2115.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2115",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins NUnit Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.25",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611: Improper Restriction of XML External Entity Reference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1752",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1752",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2116.json b/2020/2xxx/CVE-2020-2116.json
index 7864c267f44..ffd19d589d6 100644
--- a/2020/2xxx/CVE-2020-2116.json
+++ b/2020/2xxx/CVE-2020-2116.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2116",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.4",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2117.json b/2020/2xxx/CVE-2020-2117.json
index bb82e50ceff..865c642e5e1 100644
--- a/2020/2xxx/CVE-2020-2117.json
+++ b/2020/2xxx/CVE-2020-2117.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2117",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.4",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2118.json b/2020/2xxx/CVE-2020-2118.json
index e541354aeb6..807508ccdba 100644
--- a/2020/2xxx/CVE-2020-2118.json
+++ b/2020/2xxx/CVE-2020-2118.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2118",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.4",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2119.json b/2020/2xxx/CVE-2020-2119.json
index 1462d878f46..5c62ae49650 100644
--- a/2020/2xxx/CVE-2020-2119.json
+++ b/2020/2xxx/CVE-2020-2119.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2119",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Azure AD Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1.2",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2120.json b/2020/2xxx/CVE-2020-2120.json
index b2ae445810f..cb2fe12cd37 100644
--- a/2020/2xxx/CVE-2020-2120.json
+++ b/2020/2xxx/CVE-2020-2120.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2120",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins FitNesse Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.30",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611: Improper Restriction of XML External Entity Reference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2121.json b/2020/2xxx/CVE-2020-2121.json
index 5baea9ae0cf..42e1a321cf9 100644
--- a/2020/2xxx/CVE-2020-2121.json
+++ b/2020/2xxx/CVE-2020-2121.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2121",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Google Kubernetes Engine Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.8.0",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502: Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2122.json b/2020/2xxx/CVE-2020-2122.json
index 2883d139fad..dd40c07ba6c 100644
--- a/2020/2xxx/CVE-2020-2122.json
+++ b/2020/2xxx/CVE-2020-2122.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2122",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Brakeman Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.12",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2123.json b/2020/2xxx/CVE-2020-2123.json
index 060d4c45b99..3179a059611 100644
--- a/2020/2xxx/CVE-2020-2123.json
+++ b/2020/2xxx/CVE-2020-2123.json
@@ -1,17 +1,67 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2123",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins RadarGun Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.7",
+ "version_affected": "<="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502: Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2124.json b/2020/2xxx/CVE-2020-2124.json
index 0ab1dde4c99..f73efabd008 100644
--- a/2020/2xxx/CVE-2020-2124.json
+++ b/2020/2xxx/CVE-2020-2124.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2124",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Dynamic Extended Choice Parameter Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.1",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "1.0.1",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2125.json b/2020/2xxx/CVE-2020-2125.json
index 07a1e1d2cd6..fd1ce9a341b 100644
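Review bot: The second `version_data` entry in the CVE-2020-2124 record, `"version_affected": "?>"` on 1.0.1, is not reflected anywhere in the human-readable text. In the CVE JSON 4.0 format the `?` prefix marks status as unknown, so the record says releases after 1.0.1 may still store the password unencrypted, while the description reads as if only "1.0.1 and earlier" matter. A matcher that understands only `<=` will report newer installs as clean, so consumers should treat `?>` as "not confirmed fixed". I would state it in the description, e.g. by appending `The status of versions later than 1.0.1 is unknown.` to the `value` string. The same `<=` / `?>` pairing is in the CVE-2020-2125 to CVE-2020-2133 hunks that follow.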
--- a/2020/2xxx/CVE-2020-2125.json
+++ b/2020/2xxx/CVE-2020-2125.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2125",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Debian Package Builder Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.6.11",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "1.6.11",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2126.json b/2020/2xxx/CVE-2020-2126.json
index c7f11d686fa..c2c28625000 100644
--- a/2020/2xxx/CVE-2020-2126.json
+++ b/2020/2xxx/CVE-2020-2126.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2126",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins DigitalOcean Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "1.1",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2127.json b/2020/2xxx/CVE-2020-2127.json
index c8c257635ba..5e8ee42372e 100644
--- a/2020/2xxx/CVE-2020-2127.json
+++ b/2020/2xxx/CVE-2020-2127.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2127",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins BMC Release Package and Deployment Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "1.1",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2128.json b/2020/2xxx/CVE-2020-2128.json
index 336f098fb99..dbbe2da8af9 100644
--- a/2020/2xxx/CVE-2020-2128.json
+++ b/2020/2xxx/CVE-2020-2128.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2128",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins ECX Copy Data Management Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.9",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "1.9",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2129.json b/2020/2xxx/CVE-2020-2129.json
index cf611fb21d3..fc045bfa3df 100644
--- a/2020/2xxx/CVE-2020-2129.json
+++ b/2020/2xxx/CVE-2020-2129.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2129",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Eagle Tester Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.9",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "1.0.9",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2130.json b/2020/2xxx/CVE-2020-2130.json
index 85a99104157..949447b0724 100644
--- a/2020/2xxx/CVE-2020-2130.json
+++ b/2020/2xxx/CVE-2020-2130.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2130",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Harvest SCM Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.5.1",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "0.5.1",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2131.json b/2020/2xxx/CVE-2020-2131.json
index 56f1533b38b..e74886c7f34 100644
--- a/2020/2xxx/CVE-2020-2131.json
+++ b/2020/2xxx/CVE-2020-2131.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2131",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Harvest SCM Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.5.1",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "0.5.1",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2132.json b/2020/2xxx/CVE-2020-2132.json
index 2300654122d..ae0a37569dc 100644
--- a/2020/2xxx/CVE-2020-2132.json
+++ b/2020/2xxx/CVE-2020-2132.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2132",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Parasoft Environment Manager Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.14",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "2.14",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1562",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1562",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2133.json b/2020/2xxx/CVE-2020-2133.json
index 3bd8b10f820..d793c53f66a 100644
--- a/2020/2xxx/CVE-2020-2133.json
+++ b/2020/2xxx/CVE-2020-2133.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-2133",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Applatix Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1",
+ "version_affected": "<="
+ },
+ {
+ "version_value": "1.1",
+ "version_affected": "?>"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256: Unprotected Storage of Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1540",
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1540",
+ "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2510.json b/2020/2xxx/CVE-2020-2510.json
index c65cedab6d8..addacb39933 100644
--- a/2020/2xxx/CVE-2020-2510.json
+++ b/2020/2xxx/CVE-2020-2510.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -55,6 +56,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2511.json b/2020/2xxx/CVE-2020-2511.json
index 20fdd61b9ad..084b3178ad7 100644
--- a/2020/2xxx/CVE-2020-2511.json
+++ b/2020/2xxx/CVE-2020-2511.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -51,6 +52,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.7",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2512.json b/2020/2xxx/CVE-2020-2512.json
index 7be45bd83de..9bb97ed3c79 100644
--- a/2020/2xxx/CVE-2020-2512.json
+++ b/2020/2xxx/CVE-2020-2512.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -55,6 +56,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.9",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2515.json b/2020/2xxx/CVE-2020-2515.json
index e42c374a299..81f8d3d84bc 100644
--- a/2020/2xxx/CVE-2020-2515.json
+++ b/2020/2xxx/CVE-2020-2515.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -55,6 +56,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2516.json b/2020/2xxx/CVE-2020-2516.json
index 10022020d1b..62769f6ed4a 100644
--- a/2020/2xxx/CVE-2020-2516.json
+++ b/2020/2xxx/CVE-2020-2516.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
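Review bot: In the `impact.cvss` block added to CVE-2020-2510.json, `"baseScore": "7.5"` is a JSON string rather than a number, so every consumer that filters or sorts on severity has to coerce it, and a plain string comparison orders scores wrongly (for example `"10.0"` sorts below `"9.8"`). I would emit `"baseScore": 7.5` and leave `"version": "3.0"` as the string it is. The block also carries no severity label, so anything that needs one has to derive it from the score or recompute it from `vectorString`. The same shape is used in the other `impact` hunks of this commit's Oracle records, from CVE-2020-2511 onward.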
@@ -51,6 +52,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "2.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2517.json b/2020/2xxx/CVE-2020-2517.json
index f121ba9b7b8..f3b8c5b98e4 100644
--- a/2020/2xxx/CVE-2020-2517.json
+++ b/2020/2xxx/CVE-2020-2517.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "3.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2518.json b/2020/2xxx/CVE-2020-2518.json
index 7859774e195..b5452952880 100644
--- a/2020/2xxx/CVE-2020-2518.json
+++ b/2020/2xxx/CVE-2020-2518.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -55,6 +56,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2519.json b/2020/2xxx/CVE-2020-2519.json
index cf5da15f819..93443fef940 100644
--- a/2020/2xxx/CVE-2020-2519.json
+++ b/2020/2xxx/CVE-2020-2519.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -51,6 +52,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2527.json b/2020/2xxx/CVE-2020-2527.json
index 7ed4593aebc..94a834f8c28 100644
--- a/2020/2xxx/CVE-2020-2527.json
+++ b/2020/2xxx/CVE-2020-2527.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -51,6 +52,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2530.json b/2020/2xxx/CVE-2020-2530.json
index b6d9bafb274..d1e3bb0a356 100644
--- a/2020/2xxx/CVE-2020-2530.json
+++ b/2020/2xxx/CVE-2020-2530.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2531.json b/2020/2xxx/CVE-2020-2531.json
index e1f155358d3..9bb81824bc4 100644
--- a/2020/2xxx/CVE-2020-2531.json
+++ b/2020/2xxx/CVE-2020-2531.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "3.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2533.json b/2020/2xxx/CVE-2020-2533.json
index 44b67b1568e..766f6e23d3f 100644
--- a/2020/2xxx/CVE-2020-2533.json
+++ b/2020/2xxx/CVE-2020-2533.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2534.json b/2020/2xxx/CVE-2020-2534.json
index 07f26affdb6..3320eb55068 100644
--- a/2020/2xxx/CVE-2020-2534.json
+++ b/2020/2xxx/CVE-2020-2534.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2535.json b/2020/2xxx/CVE-2020-2535.json
index 7d4db92d9c4..9fffcef4763 100644
--- a/2020/2xxx/CVE-2020-2535.json
+++ b/2020/2xxx/CVE-2020-2535.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.7",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2536.json b/2020/2xxx/CVE-2020-2536.json
index 9c225bdaf7c..46e4559d9ba 100644
--- a/2020/2xxx/CVE-2020-2536.json
+++ b/2020/2xxx/CVE-2020-2536.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2537.json b/2020/2xxx/CVE-2020-2537.json
index f5fc9a79b95..25be79eca7e 100644
--- a/2020/2xxx/CVE-2020-2537.json
+++ b/2020/2xxx/CVE-2020-2537.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2538.json b/2020/2xxx/CVE-2020-2538.json
index a6e479844e1..c8de3b451ec 100644
--- a/2020/2xxx/CVE-2020-2538.json
+++ b/2020/2xxx/CVE-2020-2538.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2539.json b/2020/2xxx/CVE-2020-2539.json
index 141b8e08d99..b0e417bfe64 100644
--- a/2020/2xxx/CVE-2020-2539.json
+++ b/2020/2xxx/CVE-2020-2539.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2540.json b/2020/2xxx/CVE-2020-2540.json
index a52fb25e9a0..f1d9f8964f3 100644
--- a/2020/2xxx/CVE-2020-2540.json
+++ b/2020/2xxx/CVE-2020-2540.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2541.json b/2020/2xxx/CVE-2020-2541.json
index c9a11a52f9f..5d076f22afa 100644
--- a/2020/2xxx/CVE-2020-2541.json
+++ b/2020/2xxx/CVE-2020-2541.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2542.json b/2020/2xxx/CVE-2020-2542.json
index 1333b80dabd..06684111e66 100644
--- a/2020/2xxx/CVE-2020-2542.json
+++ b/2020/2xxx/CVE-2020-2542.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2543.json b/2020/2xxx/CVE-2020-2543.json index 3369fa398bd..bc3333a5fe8 100644 --- a/2020/2xxx/CVE-2020-2543.json +++ b/2020/2xxx/CVE-2020-2543.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2544.json b/2020/2xxx/CVE-2020-2544.json index 9373b3a55a0..6d4acf78efa 100644 --- a/2020/2xxx/CVE-2020-2544.json +++ b/2020/2xxx/CVE-2020-2544.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2545.json b/2020/2xxx/CVE-2020-2545.json index 2d07ac52464..437ef602812 100644 --- a/2020/2xxx/CVE-2020-2545.json +++ b/2020/2xxx/CVE-2020-2545.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2546.json b/2020/2xxx/CVE-2020-2546.json index 454a3166038..c71accdd175 100644 --- a/2020/2xxx/CVE-2020-2546.json +++ b/2020/2xxx/CVE-2020-2546.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2547.json b/2020/2xxx/CVE-2020-2547.json index f7fd2cc1350..d0ca7cce0d6 100644 --- a/2020/2xxx/CVE-2020-2547.json +++ b/2020/2xxx/CVE-2020-2547.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2548.json b/2020/2xxx/CVE-2020-2548.json index 2852deaccc1..4b199d39b64 100644 --- a/2020/2xxx/CVE-2020-2548.json +++ b/2020/2xxx/CVE-2020-2548.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2549.json b/2020/2xxx/CVE-2020-2549.json index 209dfd4be6f..a4a63898674 100644 --- a/2020/2xxx/CVE-2020-2549.json +++ b/2020/2xxx/CVE-2020-2549.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2550.json b/2020/2xxx/CVE-2020-2550.json index 5c85aa271d5..4c5e0b19f3c 100644 --- a/2020/2xxx/CVE-2020-2550.json +++ b/2020/2xxx/CVE-2020-2550.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.1", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2551.json b/2020/2xxx/CVE-2020-2551.json index ac232d129f9..b4db14716d1 100644 --- a/2020/2xxx/CVE-2020-2551.json +++ b/2020/2xxx/CVE-2020-2551.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2552.json b/2020/2xxx/CVE-2020-2552.json index 86a80e386dc..cce09bc25d7 100644 --- a/2020/2xxx/CVE-2020-2552.json +++ b/2020/2xxx/CVE-2020-2552.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index 78c41098a31..cc01fbe4509 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2556.json b/2020/2xxx/CVE-2020-2556.json index ea8d6a3d9ee..1afb48be3f8 100644 --- a/2020/2xxx/CVE-2020-2556.json +++ b/2020/2xxx/CVE-2020-2556.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -55,6 +56,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2557.json b/2020/2xxx/CVE-2020-2557.json index 86e11cd98e4..9f598f706f5 100644 --- a/2020/2xxx/CVE-2020-2557.json +++ b/2020/2xxx/CVE-2020-2557.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2558.json b/2020/2xxx/CVE-2020-2558.json index e85b5506a60..0a05a10a139 100644 --- a/2020/2xxx/CVE-2020-2558.json +++ b/2020/2xxx/CVE-2020-2558.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2559.json b/2020/2xxx/CVE-2020-2559.json index 02ab583e402..ec6cf54ddc8 100644 --- a/2020/2xxx/CVE-2020-2559.json +++ b/2020/2xxx/CVE-2020-2559.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2560.json b/2020/2xxx/CVE-2020-2560.json index 9c0020f540c..829c01c7e00 100644 --- a/2020/2xxx/CVE-2020-2560.json +++ b/2020/2xxx/CVE-2020-2560.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2561.json b/2020/2xxx/CVE-2020-2561.json index c6ef94f8e77..38f1ec2c728 100644 --- a/2020/2xxx/CVE-2020-2561.json +++ b/2020/2xxx/CVE-2020-2561.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2563.json b/2020/2xxx/CVE-2020-2563.json index 5d80b8718ff..d964083562c 100644 --- a/2020/2xxx/CVE-2020-2563.json +++ b/2020/2xxx/CVE-2020-2563.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.2", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2564.json b/2020/2xxx/CVE-2020-2564.json index fc298075549..46e1a765aea 100644 --- a/2020/2xxx/CVE-2020-2564.json +++ b/2020/2xxx/CVE-2020-2564.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2565.json b/2020/2xxx/CVE-2020-2565.json index ff3b123ee45..17bb96e760e 100644 --- a/2020/2xxx/CVE-2020-2565.json +++ b/2020/2xxx/CVE-2020-2565.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2566.json b/2020/2xxx/CVE-2020-2566.json index 2218a192d99..6ce5709d4ee 100644 --- a/2020/2xxx/CVE-2020-2566.json +++ b/2020/2xxx/CVE-2020-2566.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2567.json b/2020/2xxx/CVE-2020-2567.json index 9075e6ae114..bc374c8ceef 100644 --- a/2020/2xxx/CVE-2020-2567.json +++ b/2020/2xxx/CVE-2020-2567.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2568.json b/2020/2xxx/CVE-2020-2568.json index 91d45be5a79..f705b783af6 100644 --- a/2020/2xxx/CVE-2020-2568.json +++ b/2020/2xxx/CVE-2020-2568.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.9", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2569.json b/2020/2xxx/CVE-2020-2569.json index 0a9b76526f5..51ba5058846 100644 --- a/2020/2xxx/CVE-2020-2569.json +++ b/2020/2xxx/CVE-2020-2569.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.9", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2570.json b/2020/2xxx/CVE-2020-2570.json index c76981fd336..3d52cf4f673 100644 --- a/2020/2xxx/CVE-2020-2570.json +++ b/2020/2xxx/CVE-2020-2570.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2571.json b/2020/2xxx/CVE-2020-2571.json index c2df03f6452..d808dd53c16 100644 --- a/2020/2xxx/CVE-2020-2571.json +++ b/2020/2xxx/CVE-2020-2571.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.3", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2572.json b/2020/2xxx/CVE-2020-2572.json index a468d26352e..64c6f291802 100644 --- a/2020/2xxx/CVE-2020-2572.json +++ b/2020/2xxx/CVE-2020-2572.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2573.json b/2020/2xxx/CVE-2020-2573.json index a096917ec59..c4d641ab530 100644 --- a/2020/2xxx/CVE-2020-2573.json +++ b/2020/2xxx/CVE-2020-2573.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2574.json b/2020/2xxx/CVE-2020-2574.json index d64e9238a66..c6e6db6a9d5 100644 --- a/2020/2xxx/CVE-2020-2574.json +++ b/2020/2xxx/CVE-2020-2574.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2576.json b/2020/2xxx/CVE-2020-2576.json index c517b987a1e..a27b273edac 100644 --- a/2020/2xxx/CVE-2020-2576.json +++ b/2020/2xxx/CVE-2020-2576.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2577.json b/2020/2xxx/CVE-2020-2577.json index 7cea7f26de4..4d1af0615c7 100644 --- a/2020/2xxx/CVE-2020-2577.json +++ b/2020/2xxx/CVE-2020-2577.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2578.json b/2020/2xxx/CVE-2020-2578.json index e44c71a6b09..3909fbf13a0 100644 --- a/2020/2xxx/CVE-2020-2578.json +++ b/2020/2xxx/CVE-2020-2578.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2579.json b/2020/2xxx/CVE-2020-2579.json index ae30ffe8583..eef6d3e928f 100644 --- a/2020/2xxx/CVE-2020-2579.json +++ b/2020/2xxx/CVE-2020-2579.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2580.json b/2020/2xxx/CVE-2020-2580.json index 54d7f86d490..6e9303b3818 100644 --- a/2020/2xxx/CVE-2020-2580.json +++ b/2020/2xxx/CVE-2020-2580.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2581.json b/2020/2xxx/CVE-2020-2581.json index 1e6b1f4e667..02f5f6ec41f 100644 --- a/2020/2xxx/CVE-2020-2581.json +++ b/2020/2xxx/CVE-2020-2581.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2582.json b/2020/2xxx/CVE-2020-2582.json index 648375318bd..1372d81168e 100644 --- a/2020/2xxx/CVE-2020-2582.json +++ b/2020/2xxx/CVE-2020-2582.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index dd5aa4180cb..9432562c88a 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -43,6 +43,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { @@ -126,6 +133,41 @@ "refsource": "UBUNTU", "name": "USN-4257-1", "url": "https://usn.ubuntu.com/4257-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0465", + "url": "https://access.redhat.com/errata/RHSA-2020:0465" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0470", + "url": "https://access.redhat.com/errata/RHSA-2020:0470" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0467", + "url": "https://access.redhat.com/errata/RHSA-2020:0467" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0469", + "url": "https://access.redhat.com/errata/RHSA-2020:0469" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0468", + "url": "https://access.redhat.com/errata/RHSA-2020:0468" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4621", + "url": "https://www.debian.org/security/2020/dsa-4621" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", + "url": "https://seclists.org/bugtraq/2020/Feb/22" } ] } diff --git a/2020/2xxx/CVE-2020-2584.json b/2020/2xxx/CVE-2020-2584.json index a386c71b760..90e3e59546d 100644 --- a/2020/2xxx/CVE-2020-2584.json +++ b/2020/2xxx/CVE-2020-2584.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.4", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json index 86a71ecb10b..86521d032db 100644 --- a/2020/2xxx/CVE-2020-2585.json +++ b/2020/2xxx/CVE-2020-2585.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2586.json b/2020/2xxx/CVE-2020-2586.json index 75edf093dc4..11a40fdb4de 100644 --- a/2020/2xxx/CVE-2020-2586.json +++ b/2020/2xxx/CVE-2020-2586.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "9.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2587.json b/2020/2xxx/CVE-2020-2587.json index 7e469a6e677..722a3daa976 100644 --- a/2020/2xxx/CVE-2020-2587.json +++ b/2020/2xxx/CVE-2020-2587.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "9.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2588.json b/2020/2xxx/CVE-2020-2588.json index b3ecba7ddd1..ce662d49754 100644 --- a/2020/2xxx/CVE-2020-2588.json +++ b/2020/2xxx/CVE-2020-2588.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2589.json b/2020/2xxx/CVE-2020-2589.json index 6d9253842d7..ccc9ea07b3a 100644 --- a/2020/2xxx/CVE-2020-2589.json +++ b/2020/2xxx/CVE-2020-2589.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index 828ce7f25da..591b5780bf3 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -43,6 +43,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { @@ -126,6 +133,16 @@ "refsource": "UBUNTU", "name": "USN-4257-1", "url": "https://usn.ubuntu.com/4257-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4621", + "url": "https://www.debian.org/security/2020/dsa-4621" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", + "url": "https://seclists.org/bugtraq/2020/Feb/22" } ] } diff --git a/2020/2xxx/CVE-2020-2591.json b/2020/2xxx/CVE-2020-2591.json index 1d93745814f..af69d5fcc4d 100644 --- a/2020/2xxx/CVE-2020-2591.json +++ b/2020/2xxx/CVE-2020-2591.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { 
diff --git a/2020/2xxx/CVE-2020-2592.json b/2020/2xxx/CVE-2020-2592.json index 745cf5a3944..ef46a73f322 100644 --- a/2020/2xxx/CVE-2020-2592.json +++ b/2020/2xxx/CVE-2020-2592.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index 9f2c33147e0..1cb9fe4d2aa 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -43,6 +43,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { @@ -126,6 +133,41 @@ "refsource": "UBUNTU", "name": "USN-4257-1", "url": "https://usn.ubuntu.com/4257-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0465", + "url": "https://access.redhat.com/errata/RHSA-2020:0465" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0470", + "url": "https://access.redhat.com/errata/RHSA-2020:0470" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0467", + "url": "https://access.redhat.com/errata/RHSA-2020:0467" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0469", + "url": "https://access.redhat.com/errata/RHSA-2020:0469" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0468", + "url": "https://access.redhat.com/errata/RHSA-2020:0468" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4621", + "url": "https://www.debian.org/security/2020/dsa-4621" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", + "url": "https://seclists.org/bugtraq/2020/Feb/22" } ] } diff --git a/2020/2xxx/CVE-2020-2595.json b/2020/2xxx/CVE-2020-2595.json index 7668d5dc404..5faff84a5d4 100644 --- a/2020/2xxx/CVE-2020-2595.json 
+++ b/2020/2xxx/CVE-2020-2595.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2596.json b/2020/2xxx/CVE-2020-2596.json index 829383c59c4..b86dc136b8a 100644 --- a/2020/2xxx/CVE-2020-2596.json +++ b/2020/2xxx/CVE-2020-2596.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2597.json b/2020/2xxx/CVE-2020-2597.json index f4428e79072..7c525a65ab2 100644 --- a/2020/2xxx/CVE-2020-2597.json +++ b/2020/2xxx/CVE-2020-2597.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2598.json b/2020/2xxx/CVE-2020-2598.json index 13eda422ce0..021a29ae88e 100644 --- a/2020/2xxx/CVE-2020-2598.json +++ b/2020/2xxx/CVE-2020-2598.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2599.json b/2020/2xxx/CVE-2020-2599.json index 164f7e68075..f60e4a43375 100644 --- a/2020/2xxx/CVE-2020-2599.json +++ b/2020/2xxx/CVE-2020-2599.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.2", + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2600.json b/2020/2xxx/CVE-2020-2600.json index a3e8de7839c..56ba801e95c 100644 --- a/2020/2xxx/CVE-2020-2600.json +++ b/2020/2xxx/CVE-2020-2600.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index 4d2afc5cea4..8fa32caa1c1 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -43,6 +43,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.8", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { @@ -126,6 +133,16 @@ "refsource": "UBUNTU", "name": "USN-4257-1", "url": "https://usn.ubuntu.com/4257-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4621", + "url": "https://www.debian.org/security/2020/dsa-4621" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", + "url": "https://seclists.org/bugtraq/2020/Feb/22" } ] } diff --git a/2020/2xxx/CVE-2020-2602.json b/2020/2xxx/CVE-2020-2602.json index ea27825b733..34912e5b909 100644 --- a/2020/2xxx/CVE-2020-2602.json +++ b/2020/2xxx/CVE-2020-2602.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { 
diff --git a/2020/2xxx/CVE-2020-2603.json b/2020/2xxx/CVE-2020-2603.json index 3c86e390995..d3db0fd1052 100644 --- a/2020/2xxx/CVE-2020-2603.json +++ b/2020/2xxx/CVE-2020-2603.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 044aa93463a..be3dcced77e 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -43,6 +43,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { @@ -111,6 +118,41 @@ "refsource": "UBUNTU", "name": "USN-4257-1", "url": "https://usn.ubuntu.com/4257-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0465", + "url": "https://access.redhat.com/errata/RHSA-2020:0465" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0470", + "url": "https://access.redhat.com/errata/RHSA-2020:0470" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0467", + "url": "https://access.redhat.com/errata/RHSA-2020:0467" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0469", + "url": "https://access.redhat.com/errata/RHSA-2020:0469" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0468", + "url": "https://access.redhat.com/errata/RHSA-2020:0468" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4621", + "url": "https://www.debian.org/security/2020/dsa-4621" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", + "url": "https://seclists.org/bugtraq/2020/Feb/22" } ] } diff --git a/2020/2xxx/CVE-2020-2605.json b/2020/2xxx/CVE-2020-2605.json index 877bcc7bf76..392f60d510e 100644 --- a/2020/2xxx/CVE-2020-2605.json 
+++ b/2020/2xxx/CVE-2020-2605.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2606.json b/2020/2xxx/CVE-2020-2606.json index bf9d5b40f17..02f827b1308 100644 --- a/2020/2xxx/CVE-2020-2606.json +++ b/2020/2xxx/CVE-2020-2606.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2607.json b/2020/2xxx/CVE-2020-2607.json index c5dcadcf98d..94880254c67 100644 --- a/2020/2xxx/CVE-2020-2607.json +++ b/2020/2xxx/CVE-2020-2607.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2608.json b/2020/2xxx/CVE-2020-2608.json index 87d7ecb8073..25620ebcb9c 100644 --- a/2020/2xxx/CVE-2020-2608.json +++ b/2020/2xxx/CVE-2020-2608.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2609.json b/2020/2xxx/CVE-2020-2609.json index 2971e1fc080..58a1fa9e704 100644 --- a/2020/2xxx/CVE-2020-2609.json +++ b/2020/2xxx/CVE-2020-2609.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2610.json b/2020/2xxx/CVE-2020-2610.json index 3248baa9bb9..23123d51240 100644 --- a/2020/2xxx/CVE-2020-2610.json +++ b/2020/2xxx/CVE-2020-2610.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2611.json b/2020/2xxx/CVE-2020-2611.json index 81ebe9f4940..7cc4a90fc55 100644 --- a/2020/2xxx/CVE-2020-2611.json +++ b/2020/2xxx/CVE-2020-2611.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2612.json b/2020/2xxx/CVE-2020-2612.json index 648f97a812d..9528025df33 100644 --- a/2020/2xxx/CVE-2020-2612.json +++ b/2020/2xxx/CVE-2020-2612.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2613.json b/2020/2xxx/CVE-2020-2613.json index a9c2a833f7f..dcf06510962 100644 --- a/2020/2xxx/CVE-2020-2613.json +++ b/2020/2xxx/CVE-2020-2613.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2614.json b/2020/2xxx/CVE-2020-2614.json index 2f6a1f12a85..bfeb7cbe9fb 100644 --- a/2020/2xxx/CVE-2020-2614.json +++ b/2020/2xxx/CVE-2020-2614.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2615.json b/2020/2xxx/CVE-2020-2615.json index 3e7205b1d89..05570d34cc5 100644 --- a/2020/2xxx/CVE-2020-2615.json +++ b/2020/2xxx/CVE-2020-2615.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2616.json b/2020/2xxx/CVE-2020-2616.json index f30987f53b9..50343119fa9 100644 --- a/2020/2xxx/CVE-2020-2616.json +++ b/2020/2xxx/CVE-2020-2616.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2617.json b/2020/2xxx/CVE-2020-2617.json index 8d6f3168f06..418894e2dca 100644 --- a/2020/2xxx/CVE-2020-2617.json +++ b/2020/2xxx/CVE-2020-2617.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2618.json b/2020/2xxx/CVE-2020-2618.json index 04f6fac44aa..12230776753 100644 --- a/2020/2xxx/CVE-2020-2618.json +++ b/2020/2xxx/CVE-2020-2618.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2619.json b/2020/2xxx/CVE-2020-2619.json index 634103bd779..0d48b5eee67 100644 --- a/2020/2xxx/CVE-2020-2619.json +++ b/2020/2xxx/CVE-2020-2619.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2620.json b/2020/2xxx/CVE-2020-2620.json index 9162c754ec8..91169859011 100644 --- a/2020/2xxx/CVE-2020-2620.json +++ b/2020/2xxx/CVE-2020-2620.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2621.json b/2020/2xxx/CVE-2020-2621.json index 9abdb5cc057..ac28353796e 100644 --- a/2020/2xxx/CVE-2020-2621.json +++ b/2020/2xxx/CVE-2020-2621.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2622.json b/2020/2xxx/CVE-2020-2622.json index 9df1cf01ebc..45db2b70ba1 100644 --- a/2020/2xxx/CVE-2020-2622.json +++ b/2020/2xxx/CVE-2020-2622.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2623.json b/2020/2xxx/CVE-2020-2623.json index 88694f1eae6..79d0696c342 100644 --- a/2020/2xxx/CVE-2020-2623.json +++ b/2020/2xxx/CVE-2020-2623.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2624.json b/2020/2xxx/CVE-2020-2624.json index bb86411f2d9..f413d203a04 100644 --- a/2020/2xxx/CVE-2020-2624.json +++ b/2020/2xxx/CVE-2020-2624.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2625.json b/2020/2xxx/CVE-2020-2625.json index 437799b0d97..6cf5bc31e23 100644 --- a/2020/2xxx/CVE-2020-2625.json +++ b/2020/2xxx/CVE-2020-2625.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2626.json b/2020/2xxx/CVE-2020-2626.json index 99d09edaaaf..6812f7b7357 100644 --- a/2020/2xxx/CVE-2020-2626.json +++ b/2020/2xxx/CVE-2020-2626.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2627.json b/2020/2xxx/CVE-2020-2627.json index 7671792e442..4067a74c766 100644 --- a/2020/2xxx/CVE-2020-2627.json +++ b/2020/2xxx/CVE-2020-2627.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2628.json b/2020/2xxx/CVE-2020-2628.json index 8484a6f3cc7..76e69222263 100644 --- a/2020/2xxx/CVE-2020-2628.json +++ b/2020/2xxx/CVE-2020-2628.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2629.json b/2020/2xxx/CVE-2020-2629.json index b2eb3fc1615..5ff3d32accc 100644 --- a/2020/2xxx/CVE-2020-2629.json +++ b/2020/2xxx/CVE-2020-2629.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2630.json b/2020/2xxx/CVE-2020-2630.json index f6a2e2c5bf3..b8642389f21 100644 --- a/2020/2xxx/CVE-2020-2630.json +++ b/2020/2xxx/CVE-2020-2630.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2631.json b/2020/2xxx/CVE-2020-2631.json index dc0ef918189..8e62d4632c7 100644 --- a/2020/2xxx/CVE-2020-2631.json +++ b/2020/2xxx/CVE-2020-2631.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2632.json b/2020/2xxx/CVE-2020-2632.json index 38bb2b72f59..f7c730600db 100644 --- a/2020/2xxx/CVE-2020-2632.json +++ b/2020/2xxx/CVE-2020-2632.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2633.json b/2020/2xxx/CVE-2020-2633.json index 18cde616211..f77cf1fd362 100644 --- a/2020/2xxx/CVE-2020-2633.json +++ b/2020/2xxx/CVE-2020-2633.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2634.json b/2020/2xxx/CVE-2020-2634.json index fb3f7ab5568..aecc32e0749 100644 --- a/2020/2xxx/CVE-2020-2634.json +++ b/2020/2xxx/CVE-2020-2634.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2635.json b/2020/2xxx/CVE-2020-2635.json index b78ed3db116..e6915b7b446 100644 --- a/2020/2xxx/CVE-2020-2635.json +++ b/2020/2xxx/CVE-2020-2635.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2636.json b/2020/2xxx/CVE-2020-2636.json index b94f8784d92..29c46f5cebd 100644 --- a/2020/2xxx/CVE-2020-2636.json +++ b/2020/2xxx/CVE-2020-2636.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2637.json b/2020/2xxx/CVE-2020-2637.json index a43f29ab6ff..74091ad611f 100644 --- a/2020/2xxx/CVE-2020-2637.json +++ b/2020/2xxx/CVE-2020-2637.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2638.json b/2020/2xxx/CVE-2020-2638.json index bb1066a3ff1..341d8c160d3 100644 --- a/2020/2xxx/CVE-2020-2638.json +++ b/2020/2xxx/CVE-2020-2638.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2639.json b/2020/2xxx/CVE-2020-2639.json index edc961eb49b..09cb5bd7ca3 100644 --- a/2020/2xxx/CVE-2020-2639.json +++ b/2020/2xxx/CVE-2020-2639.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2640.json b/2020/2xxx/CVE-2020-2640.json index d16a1f82b2c..0598ed4ada4 100644 --- a/2020/2xxx/CVE-2020-2640.json +++ b/2020/2xxx/CVE-2020-2640.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2641.json b/2020/2xxx/CVE-2020-2641.json index b1db6e66ed5..41cee6256c1 100644 --- a/2020/2xxx/CVE-2020-2641.json +++ b/2020/2xxx/CVE-2020-2641.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2642.json b/2020/2xxx/CVE-2020-2642.json index d7f0da8fc6c..2895ae7bc80 100644 --- a/2020/2xxx/CVE-2020-2642.json +++ b/2020/2xxx/CVE-2020-2642.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2643.json b/2020/2xxx/CVE-2020-2643.json index a322acc7e5c..66d5dd431a7 100644 --- a/2020/2xxx/CVE-2020-2643.json +++ b/2020/2xxx/CVE-2020-2643.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2644.json b/2020/2xxx/CVE-2020-2644.json index d6bf7614fb2..ab310d08164 100644 --- a/2020/2xxx/CVE-2020-2644.json +++ b/2020/2xxx/CVE-2020-2644.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2645.json b/2020/2xxx/CVE-2020-2645.json index d2c977336c0..da073ec2805 100644 --- a/2020/2xxx/CVE-2020-2645.json +++ b/2020/2xxx/CVE-2020-2645.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2646.json b/2020/2xxx/CVE-2020-2646.json index c59636e8248..ebc61eb2c69 100644 --- a/2020/2xxx/CVE-2020-2646.json +++ b/2020/2xxx/CVE-2020-2646.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2647.json b/2020/2xxx/CVE-2020-2647.json index 70ef9d01e74..fff97adeea7 100644 --- a/2020/2xxx/CVE-2020-2647.json +++ b/2020/2xxx/CVE-2020-2647.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2648.json b/2020/2xxx/CVE-2020-2648.json index a086d88e1a7..1686396ece6 100644 --- a/2020/2xxx/CVE-2020-2648.json +++ b/2020/2xxx/CVE-2020-2648.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.2", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2649.json b/2020/2xxx/CVE-2020-2649.json index 4e747362b50..953541ab582 100644 --- a/2020/2xxx/CVE-2020-2649.json +++ b/2020/2xxx/CVE-2020-2649.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.3", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2650.json b/2020/2xxx/CVE-2020-2650.json index 2f7f228e358..3929a6696c1 100644 --- a/2020/2xxx/CVE-2020-2650.json +++ b/2020/2xxx/CVE-2020-2650.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2651.json b/2020/2xxx/CVE-2020-2651.json index 06c47116fe4..05d032fc119 100644 --- a/2020/2xxx/CVE-2020-2651.json +++ b/2020/2xxx/CVE-2020-2651.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2652.json b/2020/2xxx/CVE-2020-2652.json index 731dc41982c..2f914e3af4a 100644 --- a/2020/2xxx/CVE-2020-2652.json +++ b/2020/2xxx/CVE-2020-2652.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2653.json b/2020/2xxx/CVE-2020-2653.json index 47df3b84d81..09402df99ec 100644 --- a/2020/2xxx/CVE-2020-2653.json +++ b/2020/2xxx/CVE-2020-2653.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index 5a64199489e..dbaf7e156ec 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -39,6 +39,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { @@ -122,6 +129,16 @@ "refsource": "UBUNTU", "name": "USN-4257-1", "url": "https://usn.ubuntu.com/4257-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4621", + "url": "https://www.debian.org/security/2020/dsa-4621" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", + "url": "https://seclists.org/bugtraq/2020/Feb/22" } ] } diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index a2818de68c7..f47f1aa71d5 100644 --- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index e3ab24e9edb..3db71ac1f86 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.4", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { 
diff --git a/2020/2xxx/CVE-2020-2657.json b/2020/2xxx/CVE-2020-2657.json index 63bc5682d81..ebe77cf66b6 100644 --- a/2020/2xxx/CVE-2020-2657.json +++ b/2020/2xxx/CVE-2020-2657.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2658.json b/2020/2xxx/CVE-2020-2658.json index 964a8c1a64e..4b43c4ed6af 100644 --- a/2020/2xxx/CVE-2020-2658.json +++ b/2020/2xxx/CVE-2020-2658.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 6f573e4fe96..920275ee636 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json @@ -43,6 +43,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { 
@@ -96,6 +103,41 @@ "refsource": "UBUNTU", "name": "USN-4257-1", "url": "https://usn.ubuntu.com/4257-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0465", + "url": "https://access.redhat.com/errata/RHSA-2020:0465" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0470", + "url": "https://access.redhat.com/errata/RHSA-2020:0470" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0467", + "url": "https://access.redhat.com/errata/RHSA-2020:0467" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0469", + "url": "https://access.redhat.com/errata/RHSA-2020:0469" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0468", + "url": "https://access.redhat.com/errata/RHSA-2020:0468" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4621", + "url": "https://www.debian.org/security/2020/dsa-4621" + }, + { + "refsource": "BUGTRAQ", + "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", + "url": "https://seclists.org/bugtraq/2020/Feb/22" } ] } diff --git a/2020/2xxx/CVE-2020-2660.json b/2020/2xxx/CVE-2020-2660.json index 78590a48fa4..1acbe44a8f3 100644 --- a/2020/2xxx/CVE-2020-2660.json +++ b/2020/2xxx/CVE-2020-2660.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2661.json b/2020/2xxx/CVE-2020-2661.json index c32fab0afc1..3df7578965e 100644 --- a/2020/2xxx/CVE-2020-2661.json +++ b/2020/2xxx/CVE-2020-2661.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { 
diff --git a/2020/2xxx/CVE-2020-2662.json b/2020/2xxx/CVE-2020-2662.json index 993014b7443..8143cd71f10 100644 --- a/2020/2xxx/CVE-2020-2662.json +++ b/2020/2xxx/CVE-2020-2662.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2663.json b/2020/2xxx/CVE-2020-2663.json index d8ea14da8dd..0e90f0407a8 100644 --- a/2020/2xxx/CVE-2020-2663.json +++ b/2020/2xxx/CVE-2020-2663.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2664.json b/2020/2xxx/CVE-2020-2664.json index 7507406c316..9d00d35f95b 100644 --- a/2020/2xxx/CVE-2020-2664.json +++ b/2020/2xxx/CVE-2020-2664.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.6", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2665.json b/2020/2xxx/CVE-2020-2665.json index b9e4c5a7df4..d563eb20a80 100644 --- a/2020/2xxx/CVE-2020-2665.json +++ b/2020/2xxx/CVE-2020-2665.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2666.json b/2020/2xxx/CVE-2020-2666.json index 84ae4e1a0c9..a92815c1675 100644 
--- a/2020/2xxx/CVE-2020-2666.json +++ b/2020/2xxx/CVE-2020-2666.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2667.json b/2020/2xxx/CVE-2020-2667.json index 5c603c96007..0324b3ab6b0 100644 --- a/2020/2xxx/CVE-2020-2667.json +++ b/2020/2xxx/CVE-2020-2667.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2668.json b/2020/2xxx/CVE-2020-2668.json index 04ff8fb8941..12e0af784b1 100644 --- a/2020/2xxx/CVE-2020-2668.json +++ b/2020/2xxx/CVE-2020-2668.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2669.json b/2020/2xxx/CVE-2020-2669.json index de9d5de3de7..71ec58fbd94 100644 --- a/2020/2xxx/CVE-2020-2669.json +++ b/2020/2xxx/CVE-2020-2669.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2670.json b/2020/2xxx/CVE-2020-2670.json index 52fa8fecafa..19da00e5a83 100644 --- a/2020/2xxx/CVE-2020-2670.json +++ b/2020/2xxx/CVE-2020-2670.json 
@@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2671.json b/2020/2xxx/CVE-2020-2671.json index e683a241369..18d62fbb951 100644 --- a/2020/2xxx/CVE-2020-2671.json +++ b/2020/2xxx/CVE-2020-2671.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2672.json b/2020/2xxx/CVE-2020-2672.json index a209425dd0a..1f3b8cae92a 100644 --- a/2020/2xxx/CVE-2020-2672.json +++ b/2020/2xxx/CVE-2020-2672.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2673.json b/2020/2xxx/CVE-2020-2673.json index 16d661ccb44..ef43918c8fc 100644 --- a/2020/2xxx/CVE-2020-2673.json +++ b/2020/2xxx/CVE-2020-2673.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -51,6 +52,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2674.json b/2020/2xxx/CVE-2020-2674.json index d57ee15a155..f8fc5b12ce9 100644 --- a/2020/2xxx/CVE-2020-2674.json +++ b/2020/2xxx/CVE-2020-2674.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2675.json b/2020/2xxx/CVE-2020-2675.json index 300305e6fdb..23343865823 100644 --- a/2020/2xxx/CVE-2020-2675.json +++ b/2020/2xxx/CVE-2020-2675.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2676.json b/2020/2xxx/CVE-2020-2676.json index f3ed7e397ec..168a4c0c3ca 100644 --- a/2020/2xxx/CVE-2020-2676.json +++ b/2020/2xxx/CVE-2020-2676.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -39,6 +40,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2677.json b/2020/2xxx/CVE-2020-2677.json index f39121a9d00..a46c4c1ec43 100644 --- a/2020/2xxx/CVE-2020-2677.json +++ b/2020/2xxx/CVE-2020-2677.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", @@ -43,6 +44,13 @@ } ] }, + "impact": { + "cvss": { + "baseScore": "5.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2020/2xxx/CVE-2020-2678.json b/2020/2xxx/CVE-2020-2678.json index d706d978fa8..3e0f616652a 100644 --- a/2020/2xxx/CVE-2020-2678.json +++ b/2020/2xxx/CVE-2020-2678.json @@ -1,3 +1,4 @@ + { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", 
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.4",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2679.json b/2020/2xxx/CVE-2020-2679.json
index 2f4a2d80507..a4cc322123e 100644
--- a/2020/2xxx/CVE-2020-2679.json
+++ b/2020/2xxx/CVE-2020-2679.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.9",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2680.json b/2020/2xxx/CVE-2020-2680.json
index 169bcf01d18..8b0a01acdde 100644
--- a/2020/2xxx/CVE-2020-2680.json
+++ b/2020/2xxx/CVE-2020-2680.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2681.json b/2020/2xxx/CVE-2020-2681.json
index 569c6a27866..50e0f2372f9 100644
--- a/2020/2xxx/CVE-2020-2681.json
+++ b/2020/2xxx/CVE-2020-2681.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2682.json b/2020/2xxx/CVE-2020-2682.json
index 1e11e707841..8b6603a290f 100644
--- a/2020/2xxx/CVE-2020-2682.json
+++ b/2020/2xxx/CVE-2020-2682.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "8.2",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2683.json b/2020/2xxx/CVE-2020-2683.json
index 105591ab7c9..622926eb7d8 100644
--- a/2020/2xxx/CVE-2020-2683.json
+++ b/2020/2xxx/CVE-2020-2683.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2684.json b/2020/2xxx/CVE-2020-2684.json
index a16d72ab10b..6809b9600b3 100644
--- a/2020/2xxx/CVE-2020-2684.json
+++ b/2020/2xxx/CVE-2020-2684.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2685.json b/2020/2xxx/CVE-2020-2685.json
index 1d94b8e60df..472bf77c198 100644
--- a/2020/2xxx/CVE-2020-2685.json
+++ b/2020/2xxx/CVE-2020-2685.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2686.json b/2020/2xxx/CVE-2020-2686.json
index f9960e2b8bc..7ba94fbc57a 100644
--- a/2020/2xxx/CVE-2020-2686.json
+++ b/2020/2xxx/CVE-2020-2686.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2687.json b/2020/2xxx/CVE-2020-2687.json
index c7c47bbb24e..6432f75de81 100644
--- a/2020/2xxx/CVE-2020-2687.json
+++ b/2020/2xxx/CVE-2020-2687.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2688.json b/2020/2xxx/CVE-2020-2688.json
index 13389f92c45..b767964a6e6 100644
--- a/2020/2xxx/CVE-2020-2688.json
+++ b/2020/2xxx/CVE-2020-2688.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2689.json b/2020/2xxx/CVE-2020-2689.json
index db7abc2f7b5..01cce41490b 100644
--- a/2020/2xxx/CVE-2020-2689.json
+++ b/2020/2xxx/CVE-2020-2689.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2690.json b/2020/2xxx/CVE-2020-2690.json
index 1a2932c0b16..5e76bdfaf6f 100644
--- a/2020/2xxx/CVE-2020-2690.json
+++ b/2020/2xxx/CVE-2020-2690.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2691.json b/2020/2xxx/CVE-2020-2691.json
index c7103bf3a3d..d1503764d09 100644
--- a/2020/2xxx/CVE-2020-2691.json
+++ b/2020/2xxx/CVE-2020-2691.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2692.json b/2020/2xxx/CVE-2020-2692.json
index 96cd86eb09c..f1e3095b41e 100644
--- a/2020/2xxx/CVE-2020-2692.json
+++ b/2020/2xxx/CVE-2020-2692.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2693.json b/2020/2xxx/CVE-2020-2693.json
index 66be4ff5850..571adcae864 100644
--- a/2020/2xxx/CVE-2020-2693.json
+++ b/2020/2xxx/CVE-2020-2693.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.3",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2694.json b/2020/2xxx/CVE-2020-2694.json
index 347cc76c84b..10ad2678a4b 100644
--- a/2020/2xxx/CVE-2020-2694.json
+++ b/2020/2xxx/CVE-2020-2694.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "3.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2695.json b/2020/2xxx/CVE-2020-2695.json
index 77e37b2c676..3c3dc862e0a 100644
--- a/2020/2xxx/CVE-2020-2695.json
+++ b/2020/2xxx/CVE-2020-2695.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json
index 0bb050bb23a..0e35eeac5bc 100644
--- a/2020/2xxx/CVE-2020-2696.json
+++ b/2020/2xxx/CVE-2020-2696.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "8.8",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2697.json b/2020/2xxx/CVE-2020-2697.json
index 3c060065a2e..0a52ddf8855 100644
--- a/2020/2xxx/CVE-2020-2697.json
+++ b/2020/2xxx/CVE-2020-2697.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.9",
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2698.json b/2020/2xxx/CVE-2020-2698.json
index f9f66698448..9a303fb5979 100644
--- a/2020/2xxx/CVE-2020-2698.json
+++ b/2020/2xxx/CVE-2020-2698.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2699.json b/2020/2xxx/CVE-2020-2699.json
index af5bf9a8761..2af812a2fec 100644
--- a/2020/2xxx/CVE-2020-2699.json
+++ b/2020/2xxx/CVE-2020-2699.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2700.json b/2020/2xxx/CVE-2020-2700.json
index b6e8a8b4660..f8b480acf27 100644
--- a/2020/2xxx/CVE-2020-2700.json
+++ b/2020/2xxx/CVE-2020-2700.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2701.json b/2020/2xxx/CVE-2020-2701.json
index f9aab36e1d4..d0da8ed8e7b 100644
--- a/2020/2xxx/CVE-2020-2701.json
+++ b/2020/2xxx/CVE-2020-2701.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2702.json b/2020/2xxx/CVE-2020-2702.json
index 1b3a025a098..266631db28d 100644
--- a/2020/2xxx/CVE-2020-2702.json
+++ b/2020/2xxx/CVE-2020-2702.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2703.json b/2020/2xxx/CVE-2020-2703.json
index 998ffad64b8..b113193b940 100644
--- a/2020/2xxx/CVE-2020-2703.json
+++ b/2020/2xxx/CVE-2020-2703.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2704.json b/2020/2xxx/CVE-2020-2704.json
index 29662163ced..7493e95c55c 100644
--- a/2020/2xxx/CVE-2020-2704.json
+++ b/2020/2xxx/CVE-2020-2704.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2705.json b/2020/2xxx/CVE-2020-2705.json
index 79b27dc4e66..052f4452c25 100644
--- a/2020/2xxx/CVE-2020-2705.json
+++ b/2020/2xxx/CVE-2020-2705.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2707.json b/2020/2xxx/CVE-2020-2707.json
index 3fc8099060b..cc71f3db072 100644
--- a/2020/2xxx/CVE-2020-2707.json
+++ b/2020/2xxx/CVE-2020-2707.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -55,6 +56,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2709.json b/2020/2xxx/CVE-2020-2709.json
index 5490967d372..8c0b46ed283 100644
--- a/2020/2xxx/CVE-2020-2709.json
+++ b/2020/2xxx/CVE-2020-2709.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.7",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2710.json b/2020/2xxx/CVE-2020-2710.json
index 5a90ecbdf0f..b5768549f17 100644
--- a/2020/2xxx/CVE-2020-2710.json
+++ b/2020/2xxx/CVE-2020-2710.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2711.json b/2020/2xxx/CVE-2020-2711.json
index 385eb2749d8..f9cf3c5f659 100644
--- a/2020/2xxx/CVE-2020-2711.json
+++ b/2020/2xxx/CVE-2020-2711.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2712.json b/2020/2xxx/CVE-2020-2712.json
index 119d492372e..572ea910a29 100644
--- a/2020/2xxx/CVE-2020-2712.json
+++ b/2020/2xxx/CVE-2020-2712.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2713.json b/2020/2xxx/CVE-2020-2713.json
index c895332df34..15f009e77f3 100644
--- a/2020/2xxx/CVE-2020-2713.json
+++ b/2020/2xxx/CVE-2020-2713.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2714.json b/2020/2xxx/CVE-2020-2714.json
index 7d5f38d1482..cf29f39167a 100644
--- a/2020/2xxx/CVE-2020-2714.json
+++ b/2020/2xxx/CVE-2020-2714.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2715.json b/2020/2xxx/CVE-2020-2715.json
index 70eabb994df..9a1ac971374 100644
--- a/2020/2xxx/CVE-2020-2715.json
+++ b/2020/2xxx/CVE-2020-2715.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2716.json b/2020/2xxx/CVE-2020-2716.json
index 5e7db22f8f2..7bfe27fde3b 100644
--- a/2020/2xxx/CVE-2020-2716.json
+++ b/2020/2xxx/CVE-2020-2716.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2717.json b/2020/2xxx/CVE-2020-2717.json
index 256bec0ba8b..53d7b02f04f 100644
--- a/2020/2xxx/CVE-2020-2717.json
+++ b/2020/2xxx/CVE-2020-2717.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2718.json b/2020/2xxx/CVE-2020-2718.json
index 53789a7a51f..95243d64657 100644
--- a/2020/2xxx/CVE-2020-2718.json
+++ b/2020/2xxx/CVE-2020-2718.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2719.json b/2020/2xxx/CVE-2020-2719.json
index 03d1c713658..06bb6e02beb 100644
--- a/2020/2xxx/CVE-2020-2719.json
+++ b/2020/2xxx/CVE-2020-2719.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2720.json b/2020/2xxx/CVE-2020-2720.json
index 0408e56b61a..db7fc178fd8 100644
--- a/2020/2xxx/CVE-2020-2720.json
+++ b/2020/2xxx/CVE-2020-2720.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2721.json b/2020/2xxx/CVE-2020-2721.json
index 3db59f88c77..9f8ddad9f5b 100644
--- a/2020/2xxx/CVE-2020-2721.json
+++ b/2020/2xxx/CVE-2020-2721.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2722.json b/2020/2xxx/CVE-2020-2722.json
index f98ef5a1455..b2a34d9829c 100644
--- a/2020/2xxx/CVE-2020-2722.json
+++ b/2020/2xxx/CVE-2020-2722.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2723.json b/2020/2xxx/CVE-2020-2723.json
index 22ddb2d61d8..769c1b13d6c 100644
--- a/2020/2xxx/CVE-2020-2723.json
+++ b/2020/2xxx/CVE-2020-2723.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.1",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2724.json b/2020/2xxx/CVE-2020-2724.json
index 8d9e5f8e205..93a873daa37 100644
--- a/2020/2xxx/CVE-2020-2724.json
+++ b/2020/2xxx/CVE-2020-2724.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2725.json b/2020/2xxx/CVE-2020-2725.json
index 356c53b8be6..84eb6ad2595 100644
--- a/2020/2xxx/CVE-2020-2725.json
+++ b/2020/2xxx/CVE-2020-2725.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2726.json b/2020/2xxx/CVE-2020-2726.json
index f11853beb01..230907f5995 100644
--- a/2020/2xxx/CVE-2020-2726.json
+++ b/2020/2xxx/CVE-2020-2726.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2727.json b/2020/2xxx/CVE-2020-2727.json
index 0cfb16ce0fa..6ad24100e98 100644
--- a/2020/2xxx/CVE-2020-2727.json
+++ b/2020/2xxx/CVE-2020-2727.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "6.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2728.json b/2020/2xxx/CVE-2020-2728.json
index fa9b8edf03a..f95434abe75 100644
--- a/2020/2xxx/CVE-2020-2728.json
+++ b/2020/2xxx/CVE-2020-2728.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -39,6 +40,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2729.json b/2020/2xxx/CVE-2020-2729.json
index c78a4672824..62e83268102 100644
--- a/2020/2xxx/CVE-2020-2729.json
+++ b/2020/2xxx/CVE-2020-2729.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -43,6 +44,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2730.json b/2020/2xxx/CVE-2020-2730.json
index 33239f6f309..189161c95b7 100644
--- a/2020/2xxx/CVE-2020-2730.json
+++ b/2020/2xxx/CVE-2020-2730.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -47,6 +48,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.4",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/2xxx/CVE-2020-2731.json b/2020/2xxx/CVE-2020-2731.json
index b7d933f06c7..7ff6d831633 100644
--- a/2020/2xxx/CVE-2020-2731.json
+++ b/2020/2xxx/CVE-2020-2731.json
@@ -1,3 +1,4 @@
+
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -51,6 +52,13 @@
 }
 ]
 },
+ "impact": {
+ "cvss": {
+ "baseScore": "3.9",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
+ "version": "3.0"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
diff --git a/2020/3xxx/CVE-2020-3110.json b/2020/3xxx/CVE-2020-3110.json
index 9121028c952..b2a6c4b8fea 100644
--- a/2020/3xxx/CVE-2020-3110.json
+++ b/2020/3xxx/CVE-2020-3110.json
@@ -1,18 +1,92 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-02-05T16:00:00-0800",
 "ID": "CVE-2020-3110",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Video Surveillance 8000 Series IP Cameras ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "1.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 
This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "8.8",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200205 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
+ "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200205-ipcameras-rce-dos",
+ "defect": [
+ [
+ "CSCvr96127"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3111.json b/2020/3xxx/CVE-2020-3111.json
index e496cac7a77..f48d6229afe 100644
--- a/2020/3xxx/CVE-2020-3111.json
+++ b/2020/3xxx/CVE-2020-3111.json
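Review bot: The new `vectorString` value ends in a space (`"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H "`), which a strict CVSS vector parser or a schema pattern check will reject, and `product_name` (`"Cisco Video Surveillance 8000 Series IP Cameras "`) carries the same trailing space, so exact-match product lookups can miss this record. Trim both before publishing, e.g. `"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"`. The CVE-2020-3111 and CVE-2020-3118 records later in this commit have the same trailing spaces in `vectorString` and `product_name`. `baseScore` is also a quoted string (`"8.8"`); a JSON number would be safer for consumers that compare scores.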
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-02-05T16:00:00-0800",
 "ID": "CVE-2020-3111",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IP phone ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "12.7(1)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "8.8",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
+ "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200205-voip-phones-rce-dos",
+ "defect": [
+ [
+ "CSCvr96057",
+ "CSCvr96058",
+ "CSCvr96059",
+ "CSCvr96060",
+ "CSCvr96063",
+ "CSCvr96064",
+ "CSCvr96065",
+ "CSCvr96066",
+ "CSCvr96067",
+ "CSCvr96069",
+ "CSCvr96070",
+ "CSCvr96071",
+ "CSCvr96738",
+ "CSCvr96739"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3118.json b/2020/3xxx/CVE-2020-3118.json
index 515f6073f1c..05d2b90a0ef 100644
--- a/2020/3xxx/CVE-2020-3118.json
+++ b/2020/3xxx/CVE-2020-3118.json
@@ -1,18 +1,92 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-02-05T16:00:00-0800",
 "ID": "CVE-2020-3118",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IOS XR Software ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "6.6.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "8.8",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-134"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200205 Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
+ "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200205-iosxr-cdp-rce",
+ "defect": [
+ [
+ "CSCvr09190"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3119.json b/2020/3xxx/CVE-2020-3119.json
index 4f2163db5b6..fba6f236126 100644
--- a/2020/3xxx/CVE-2020-3119.json
+++ b/2020/3xxx/CVE-2020-3119.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-02-05T16:00:00-0800",
 "ID": "CVE-2020-3119",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Unified Computing System (Managed) ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "9.3(2)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "8.8",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200205 Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
+ "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200205-nxos-cdp-rce",
+ "defect": [
+ [
+ "CSCvr09175",
+ "CSCvr09531",
+ "CSCvr09539",
+ "CSCvr09544",
+ "CSCvr09555"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3120.json b/2020/3xxx/CVE-2020-3120.json
index 10ca6fb5e5f..ada6a8f1cce 100644
--- a/2020/3xxx/CVE-2020-3120.json
+++ b/2020/3xxx/CVE-2020-3120.json
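Review bot: The only `product_data` entry is `"Cisco Unified Computing System (Managed) "`, although the title and description attribute the flaw to Cisco NX-OS Software, so asset matching on `product_name` would presumably miss NX-OS devices that the linked advisory covers. I would add one `product_data` entry per affected NX-OS platform, with the fixed releases taken from the advisory cisco-sa-20200205-nxos-cdp-rce rather than guessed here. The description also reads `An successful exploit`; the sibling records say `A successful exploit`.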
@@ -1,18 +1,100 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-02-05T16:00:00-0800",
 "ID": "CVE-2020-3120",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IOS XR Software ",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "2.3.1.173"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
 }
 ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about the vulnerability that is described in this advisory. Cisco PSIRT is not aware of any malicious use of this vulnerability. "
+ }
+ ],
+ "impact": {
+ "cvss": {
+ "baseScore": "7.4",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20200205 Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
+ "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20200205-fxnxos-iosxr-cdp-dos",
+ "defect": [
+ [
+ "CSCvr14976",
+ "CSCvr15024",
+ "CSCvr15072",
+ "CSCvr15073",
+ "CSCvr15078",
+ "CSCvr15079",
+ "CSCvr15082",
+ "CSCvr15083",
+ "CSCvr15111"
+ ]
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3123.json b/2020/3xxx/CVE-2020-3123.json
index 942efaca481..9716455ec47 100644
--- a/2020/3xxx/CVE-2020-3123.json
+++ b/2020/3xxx/CVE-2020-3123.json
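Review bot: `affects` lists a single product, `"Cisco IOS XR Software "` below `2.3.1.173`, while the title and description name Cisco FXOS, IOS XR and NX-OS Software, so two of the three product families have no machine-readable entry. The one version bound also looks unlike the IOS XR numbering in the CVE-2020-3118 record (`6.6.3`), which is worth confirming against the advisory cisco-sa-20200205-fxnxos-iosxr-cdp-dos before anyone matches on it. The problem type `CWE-190` (integer overflow) is not explained by the description, which speaks of a missing check leading to memory exhaustion; unless the advisory states an integer overflow, a resource-consumption class such as `CWE-400` would seem to describe it better.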
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2020-02-05T16:10:00.000Z",
 "ID": "CVE-2020-3123",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClamAV",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0.102.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "0.102.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062",
+ "refsource": "CISCO",
+ "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html",
+ "url": "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "CSCvs59062",
+ "defect": [
+ "CSCvs59062"
+ ],
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3149.json b/2020/3xxx/CVE-2020-3149.json
index b43a6701ac2..649c6782980 100644
--- a/2020/3xxx/CVE-2020-3149.json
+++ b/2020/3xxx/CVE-2020-3149.json
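Review bot: Both `version_data` entries carry `"version_value": "0.102.1"`, but the description says versions 0.102.1 and 0.102.0 are affected, so 0.102.0 installations are not represented in the machine-readable data and would not be flagged by version matching. The second entry should read `"version_value": "0.102.0"`. Separately, `defect` is a flat array here (`["CSCvs59062"]`) while the other Cisco records in this commit nest it one level deeper, so consumers should not assume either shape.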
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-02-05T16:00:00-0800", "ID": "CVE-2020-3149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing malicious data to a specific field within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE Software releases 2.7.0 and later contains the fix for this vulnerability." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200205 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-DxJsRWRx" + } + ] + }, + "source": { + "advisory": "cisco-sa-ise-xss-DxJsRWRx", + "defect": [ + [ + "CSCvs65467" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2020/3xxx/CVE-2020-3720.json b/2020/3xxx/CVE-2020-3720.json index 97b461ca0fc..a985b1908db 100644 --- a/2020/3xxx/CVE-2020-3720.json +++ b/2020/3xxx/CVE-2020-3720.json 
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3720",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3720",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3721.json b/2020/3xxx/CVE-2020-3721.json
index 2b31ce0c4aa..db7a2f18d9c 100644
--- a/2020/3xxx/CVE-2020-3721.json
+++ b/2020/3xxx/CVE-2020-3721.json
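Review bot: `"version_value": "2019.0.4 and below versions"` puts the affected range into free text with no `version_affected` operator, so a scanner comparing version strings cannot derive that 2019.0.4 and everything earlier is affected; `"version_affected": "<=", "version_value": "2019.0.4"` would express it. The problem type is likewise free text (`"Out-of-Bounds Write"`, with a trailing space in several of the records) where a CWE identifier such as `CWE-787` would be machine-matchable. Both points apply unchanged to the CVE-2020-3721 through CVE-2020-3731 hunks that follow (CVE-2020-3731 is the heap-overflow variant, for which `CWE-122` would be the analogue). The descriptions of CVE-2020-3720 to CVE-2020-3730 are also word-for-word identical, so the records cannot be told apart without the vendor bulletin.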
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3721",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3721",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3722.json b/2020/3xxx/CVE-2020-3722.json
index a3b7d8231c6..486331c7a28 100644
--- a/2020/3xxx/CVE-2020-3722.json
+++ b/2020/3xxx/CVE-2020-3722.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3722",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3722",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3723.json b/2020/3xxx/CVE-2020-3723.json
index e5a3ebd6e0f..602916a6977 100644
--- a/2020/3xxx/CVE-2020-3723.json
+++ b/2020/3xxx/CVE-2020-3723.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3723",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3723",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3724.json b/2020/3xxx/CVE-2020-3724.json
index 0c4d0cfd479..46c006eaa50 100644
--- a/2020/3xxx/CVE-2020-3724.json
+++ b/2020/3xxx/CVE-2020-3724.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3724",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3724",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3725.json b/2020/3xxx/CVE-2020-3725.json
index 070d5de2927..9e7af8730bf 100644
--- a/2020/3xxx/CVE-2020-3725.json
+++ b/2020/3xxx/CVE-2020-3725.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3725",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3725",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3726.json b/2020/3xxx/CVE-2020-3726.json
index 629b5014045..5804430a0a3 100644
--- a/2020/3xxx/CVE-2020-3726.json
+++ b/2020/3xxx/CVE-2020-3726.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3726",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3726",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3727.json b/2020/3xxx/CVE-2020-3727.json
index 69cf5097161..9b75526a51b 100644
--- a/2020/3xxx/CVE-2020-3727.json
+++ b/2020/3xxx/CVE-2020-3727.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3727",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3727",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3728.json b/2020/3xxx/CVE-2020-3728.json
index 51f7a5ec9fd..cb1fb73ac38 100644
--- a/2020/3xxx/CVE-2020-3728.json
+++ b/2020/3xxx/CVE-2020-3728.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3728",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3728",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3729.json b/2020/3xxx/CVE-2020-3729.json
index fa8ac1cb166..b7585672091 100644
--- a/2020/3xxx/CVE-2020-3729.json
+++ b/2020/3xxx/CVE-2020-3729.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3729",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3729",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3730.json b/2020/3xxx/CVE-2020-3730.json
index 51d24237eab..c8c6e75b1fd 100644
--- a/2020/3xxx/CVE-2020-3730.json
+++ b/2020/3xxx/CVE-2020-3730.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3730",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3730",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3731.json b/2020/3xxx/CVE-2020-3731.json
index e3d4c8cdc1b..c0cbb5f5fa7 100644
--- a/2020/3xxx/CVE-2020-3731.json
+++ b/2020/3xxx/CVE-2020-3731.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3731",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap Overflow "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3731",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3732.json b/2020/3xxx/CVE-2020-3732.json
index 97e063c1062..d8b38107523 100644
--- a/2020/3xxx/CVE-2020-3732.json
+++ b/2020/3xxx/CVE-2020-3732.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3732",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3732",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3733.json b/2020/3xxx/CVE-2020-3733.json
index a360a570e9b..2f904128174 100644
--- a/2020/3xxx/CVE-2020-3733.json
+++ b/2020/3xxx/CVE-2020-3733.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3733",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3733",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3734.json b/2020/3xxx/CVE-2020-3734.json
index 6953d5b878d..f2df7e43088 100644
--- a/2020/3xxx/CVE-2020-3734.json
+++ b/2020/3xxx/CVE-2020-3734.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3734",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Error "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3734",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3735.json b/2020/3xxx/CVE-2020-3735.json
index 24039cf3fc6..e5c003b7158 100644
--- a/2020/3xxx/CVE-2020-3735.json
+++ b/2020/3xxx/CVE-2020-3735.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3735",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap Overflow "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3735",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3736.json b/2020/3xxx/CVE-2020-3736.json
index 51288f38330..c91077239cb 100644
--- a/2020/3xxx/CVE-2020-3736.json
+++ b/2020/3xxx/CVE-2020-3736.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3736",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3736",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3737.json b/2020/3xxx/CVE-2020-3737.json
index 039bd486ac4..dbba804244c 100644
--- a/2020/3xxx/CVE-2020-3737.json
+++ b/2020/3xxx/CVE-2020-3737.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3737",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3737",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3738.json b/2020/3xxx/CVE-2020-3738.json
index ba4b1c70643..ac58f5bcdd4 100644
--- a/2020/3xxx/CVE-2020-3738.json
+++ b/2020/3xxx/CVE-2020-3738.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3738",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Write "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3738",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3739.json b/2020/3xxx/CVE-2020-3739.json
index b4c6d1822d4..4ed7b277ea1 100644
--- a/2020/3xxx/CVE-2020-3739.json
+++ b/2020/3xxx/CVE-2020-3739.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3739",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3739",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3740.json b/2020/3xxx/CVE-2020-3740.json
index 628e8b425cc..a1736cbbd84 100644
--- a/2020/3xxx/CVE-2020-3740.json
+++ b/2020/3xxx/CVE-2020-3740.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3740",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.0.4 and below versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Framemaker"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption "
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/framemaker/apsb20-04.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3740",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3741.json b/2020/3xxx/CVE-2020-3741.json
index 5aef25f03a3..4fe7f656164 100644
--- a/2020/3xxx/CVE-2020-3741.json
+++ b/2020/3xxx/CVE-2020-3741.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3741",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.5, and 6.4 versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Experience Manager"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-08.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-08.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3741",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3742.json b/2020/3xxx/CVE-2020-3742.json
index 5f685425f75..280d4912be6 100644
--- a/2020/3xxx/CVE-2020-3742.json
+++ b/2020/3xxx/CVE-2020-3742.json
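Review bot: The single `version_value` string `"6.5, and 6.4 versions"` packs two releases into one entry even though `version_data` is an array. A scanner that compares an installed version against this field will match neither 6.5 nor 6.4. I would split it into two entries, `{ "version_value": "6.5" }` and `{ "version_value": "6.4" }`, and drop the stray comma in the description so it reads `versions 6.5 and 6.4`.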
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3742",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution ."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Acrobat and Reader"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap Overflow\u202f"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3742",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3743.json b/2020/3xxx/CVE-2020-3743.json
index ab991a2a683..f22332ff2da 100644
--- a/2020/3xxx/CVE-2020-3743.json
+++ b/2020/3xxx/CVE-2020-3743.json
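Review bot: The added `version_value` begins with a stray `, `, lists `2017.011.30156\u202fand earlier` twice, and embeds U+202F narrow no-break spaces, while `problemtype` ends in the same character (`"Heap Overflow\u202f"`). The repeated entry looks like a copy error standing in for a different release track, so it should be checked against APSB20-05 rather than simply deleted. The U+202F characters are invisible in most viewers and make exact-match or tokenising consumers miss quietly; plain ASCII spaces and no trailing whitespace avoid that, e.g. `"value": "Heap Overflow"`. The description also reads `versions, 2019.021.20061` and ends `execution .`. The same version string recurs in CVE-2020-3743 through CVE-2020-3749, and CVE-2020-3744 and CVE-2020-3747 carry `"Out-of-Bounds Read\u202f\u202f"`.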
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3743",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Acrobat and Reader"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3743",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3744.json b/2020/3xxx/CVE-2020-3744.json
index 2cde73e16ea..7ca51e52ba8 100644
--- a/2020/3xxx/CVE-2020-3744.json
+++ b/2020/3xxx/CVE-2020-3744.json
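Review bot: The new description reads `have an use after free vulnerability` and closes with `arbitrary code execution .`, a space before the full stop. I would write `have a use-after-free vulnerability` and end the sentence with `execution.`. The same wording appears in the descriptions added for CVE-2020-3745, CVE-2020-3746, CVE-2020-3748 and CVE-2020-3749.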
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3744",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure ."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Acrobat and Reader"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Read\u202f\u202f"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3744",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3745.json b/2020/3xxx/CVE-2020-3745.json
index dadc26dbb97..b065640aae7 100644
--- a/2020/3xxx/CVE-2020-3745.json
+++ b/2020/3xxx/CVE-2020-3745.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3745",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Acrobat and Reader"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3745",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3746.json b/2020/3xxx/CVE-2020-3746.json
index a30ca5f8656..47f14d5574f 100644
--- a/2020/3xxx/CVE-2020-3746.json
+++ b/2020/3xxx/CVE-2020-3746.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3746",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Acrobat and Reader"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3746",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3747.json b/2020/3xxx/CVE-2020-3747.json
index 6689a5f2cfd..897bd8fa8d1 100644
--- a/2020/3xxx/CVE-2020-3747.json
+++ b/2020/3xxx/CVE-2020-3747.json
@@ -1,18 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-3747",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure ."
 }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions"
+ }
+ ]
+ },
+ "product_name": "Adobe Acrobat and Reader"
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-Bounds Read\u202f\u202f"
+ }
+ ]
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html",
+ "refsource": "CONFIRM",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-3747",
+ "ASSIGNER": "psirt@adobe.com"
 }
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3748.json b/2020/3xxx/CVE-2020-3748.json
index 9fcceef8e8f..7e288d7af6d 100644
--- a/2020/3xxx/CVE-2020-3748.json
+++ b/2020/3xxx/CVE-2020-3748.json
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3748", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3749.json b/2020/3xxx/CVE-2020-3749.json index bdf614ed11f..e3df12a402b 100644 --- a/2020/3xxx/CVE-2020-3749.json +++ b/2020/3xxx/CVE-2020-3749.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3749", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3750.json b/2020/3xxx/CVE-2020-3750.json index 246907ac521..31ea71c48c2 100644 --- a/2020/3xxx/CVE-2020-3750.json +++ b/2020/3xxx/CVE-2020-3750.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3750", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3751.json b/2020/3xxx/CVE-2020-3751.json index e7f408d7c1d..b01232b43c0 100644 --- a/2020/3xxx/CVE-2020-3751.json +++ b/2020/3xxx/CVE-2020-3751.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3751", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3751", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3752.json b/2020/3xxx/CVE-2020-3752.json index 218a5f67924..e470cb3e11e 100644 --- a/2020/3xxx/CVE-2020-3752.json +++ b/2020/3xxx/CVE-2020-3752.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Error" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3752", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3753.json b/2020/3xxx/CVE-2020-3753.json index 6f23a8f46d6..ca70cb8c05b 100644 --- a/2020/3xxx/CVE-2020-3753.json +++ b/2020/3xxx/CVE-2020-3753.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack exhaustion " + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3753", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3754.json b/2020/3xxx/CVE-2020-3754.json index 993456cd7d7..a327fae4bf1 100644 --- a/2020/3xxx/CVE-2020-3754.json +++ b/2020/3xxx/CVE-2020-3754.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Error" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3754", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3755.json b/2020/3xxx/CVE-2020-3755.json index 1c357f7b6ab..252c9bc4744 100644 --- a/2020/3xxx/CVE-2020-3755.json +++ b/2020/3xxx/CVE-2020-3755.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Read\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3755", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3756.json b/2020/3xxx/CVE-2020-3756.json index 90c4ebdfd1e..4c21fc0ef39 100644 --- a/2020/3xxx/CVE-2020-3756.json +++ b/2020/3xxx/CVE-2020-3756.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack exhaustion " + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3756", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3757.json b/2020/3xxx/CVE-2020-3757.json index f3081c1996b..0d7e6ee78d2 100644 --- a/2020/3xxx/CVE-2020-3757.json +++ b/2020/3xxx/CVE-2020-3757.json 
@@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 \u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Flash Player" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-06.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/flash-player/apsb20-06.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0513", + "url": "https://access.redhat.com/errata/RHSA-2020:0513" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3757", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3759.json b/2020/3xxx/CVE-2020-3759.json index 457f1b692dc..659b62e8c9d 100644 --- a/2020/3xxx/CVE-2020-3759.json 
+++ b/2020/3xxx/CVE-2020-3759.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.5.10 and below versions" + } + ] + }, + "product_name": "Adobe Digital Editions" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Errors" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3759", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3760.json b/2020/3xxx/CVE-2020-3760.json index 4d212239cbc..e67f7997bc1 100644 --- a/2020/3xxx/CVE-2020-3760.json +++ b/2020/3xxx/CVE-2020-3760.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.5.10 and below versions" + } + ] + }, + "product_name": "Adobe Digital Editions" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3760", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3762.json b/2020/3xxx/CVE-2020-3762.json index 4c36a83d677..760971fc4bb 100644 --- a/2020/3xxx/CVE-2020-3762.json +++ b/2020/3xxx/CVE-2020-3762.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3762", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3763.json b/2020/3xxx/CVE-2020-3763.json index 2ba38c027eb..aad2c47c3ac 100644 --- a/2020/3xxx/CVE-2020-3763.json +++ b/2020/3xxx/CVE-2020-3763.json 
@@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-3763", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.021.20061 and earlier, 2017.011.30156\u202fand earlier, 2017.011.30156\u202fand earlier, and 2015.006.30508\u202fand earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-05.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-3763", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3925.json b/2020/3xxx/CVE-2020-3925.json index 0c89af45d37..26247c34650 100644 --- a/2020/3xxx/CVE-2020-3925.json +++ b/2020/3xxx/CVE-2020-3925.json 
@@ -1,7 +1,7 @@ { "CVE_data_meta": { "AKA": "TWCERT/CC", - "ASSIGNER": "twcert@cert.org.tw", + "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-02-03T10:00:00.000Z", "ID": "CVE-2020-3925", "STATE": "PUBLIC", @@ -77,8 +77,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005" + "refsource": "MISC", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005", + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005" + }, + { + "refsource": "MISC", + "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce", + "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce" } ] }, diff --git a/2020/3xxx/CVE-2020-3926.json b/2020/3xxx/CVE-2020-3926.json index 70ca20ae00b..56cb64a7222 100644 --- a/2020/3xxx/CVE-2020-3926.json +++ b/2020/3xxx/CVE-2020-3926.json @@ -1,7 +1,7 @@ { "CVE_data_meta": { "AKA": "TWCERT/CC", - "ASSIGNER": "twcert@cert.org.tw", + "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-02-03T10:00:00.000Z", "ID": "CVE-2020-3926", "STATE": "PUBLIC", @@ -77,8 +77,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006" + "refsource": "MISC", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006", + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006" + }, + { + "refsource": "MISC", + "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce", + "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce" } ] }, diff --git a/2020/3xxx/CVE-2020-3927.json b/2020/3xxx/CVE-2020-3927.json index 375c3c4bf2b..716f54d49b2 100644 --- a/2020/3xxx/CVE-2020-3927.json +++ b/2020/3xxx/CVE-2020-3927.json @@ -1,7 +1,7 @@ { "CVE_data_meta": { "AKA": "TWCERT/CC", - "ASSIGNER": "twcert@cert.org.tw", + "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-02-03T10:00:00.000Z", "ID": "CVE-2020-3927", "STATE": "PUBLIC", 
@@ -77,8 +77,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007" + "refsource": "MISC", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007", + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007" + }, + { + "refsource": "MISC", + "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce", + "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce" } ] }, diff --git a/2020/3xxx/CVE-2020-3933.json b/2020/3xxx/CVE-2020-3933.json index fa930cf9227..87f8e4e7732 100644 --- a/2020/3xxx/CVE-2020-3933.json +++ b/2020/3xxx/CVE-2020-3933.json @@ -1,7 +1,7 @@ { "CVE_data_meta": { "AKA": "TWCERT/CC", - "ASSIGNER": "twcert@cert.org.tw", + "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-02-11T03:59:00.000Z", "ID": "CVE-2020-3933", "STATE": "PUBLIC", @@ -89,16 +89,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910017" + "refsource": "MISC", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910017", + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910017" }, { - "refsource": "CONFIRM", - "url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac" + "refsource": "MISC", + "url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac", + "name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac" }, { - "refsource": "CONFIRM", - "url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b" + "refsource": "MISC", + "url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b", + "name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b" } ] }, diff --git a/2020/3xxx/CVE-2020-3934.json b/2020/3xxx/CVE-2020-3934.json index d14b90a2a52..930894a392b 100644 --- a/2020/3xxx/CVE-2020-3934.json +++ b/2020/3xxx/CVE-2020-3934.json 
@@ -1,7 +1,7 @@ { "CVE_data_meta": { "AKA": "TWCERT/CC", - "ASSIGNER": "twcert@cert.org.tw", + "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-02-11T03:59:00.000Z", "ID": "CVE-2020-3934", "STATE": "PUBLIC", @@ -89,16 +89,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910016" + "refsource": "MISC", + "url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac", + "name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac" }, { - "refsource": "CONFIRM", - "url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac" + "refsource": "MISC", + "url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b", + "name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b" }, { - "refsource": "CONFIRM", - "url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b" + "refsource": "MISC", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910016", + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910016" } ] }, diff --git a/2020/3xxx/CVE-2020-3935.json b/2020/3xxx/CVE-2020-3935.json index 7aa3591cf0f..accbc06bced 100644 --- a/2020/3xxx/CVE-2020-3935.json +++ b/2020/3xxx/CVE-2020-3935.json @@ -1,11 +1,11 @@ { "CVE_data_meta": { "AKA": "TWCERT/CC", - "ASSIGNER": "twcert@cert.org.tw", + "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-02-11T03:59:00.000Z", "ID": "CVE-2020-3935", "STATE": "PUBLIC", - "TITLE": "Secom Co. Dr.ID – Sensitivity Information Exposure" + "TITLE": "Secom Co. Dr.ID \u2013 Sensitivity Information Exposure" }, "affects": { "vendor": { 
@@ -51,7 +51,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers."
+ "value": "Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Management system, stores users\u2019 information by cleartext in the cookie, which divulges password to attackers."
 }
 ]
 },
@@ -89,16 +89,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910018"
+ "refsource": "MISC",
+ "url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac",
+ "name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
+ "refsource": "MISC",
+ "url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b",
+ "name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
+ "refsource": "MISC",
+ "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910018",
+ "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910018"
 }
 ]
 },
diff --git a/2020/3xxx/CVE-2020-3937.json b/2020/3xxx/CVE-2020-3937.json
index 43db67e1aa2..b1b6a7f2787 100644
--- a/2020/3xxx/CVE-2020-3937.json
+++ b/2020/3xxx/CVE-2020-3937.json
@@ -1,7 +1,7 @@
 {
 "CVE_data_meta": {
 "AKA": "TWCERT/CC",
- "ASSIGNER": "twcert@cert.org.tw",
+ "ASSIGNER": "cve@cert.org.tw",
 "DATE_PUBLIC": "2020-02-04T05:00:00.000Z",
 "ID": "CVE-2020-3937",
 "STATE": "PUBLIC",
diff --git a/2020/3xxx/CVE-2020-3938.json b/2020/3xxx/CVE-2020-3938.json
index 4dceb814a4d..e245d063ff9 100644
--- a/2020/3xxx/CVE-2020-3938.json
+++ b/2020/3xxx/CVE-2020-3938.json
@@ -1,7 +1,7 @@
 {
 "CVE_data_meta": {
 "AKA": "TWCERT/CC",
- "ASSIGNER": "twcert@cert.org.tw",
+ "ASSIGNER": "cve@cert.org.tw",
 "DATE_PUBLIC": "2020-02-04T05:00:00.000Z",
 "ID": "CVE-2020-3938",
 "STATE": "PUBLIC",
diff --git a/2020/3xxx/CVE-2020-3939.json b/2020/3xxx/CVE-2020-3939.json
index 8d871c78c9f..d8ecd2c5109 100644
--- a/2020/3xxx/CVE-2020-3939.json
+++ b/2020/3xxx/CVE-2020-3939.json
@@ -1,7 +1,7 @@
 {
 "CVE_data_meta": {
 "AKA": "TWCERT/CC",
- "ASSIGNER": "twcert@cert.org.tw",
+ "ASSIGNER": "cve@cert.org.tw",
 "DATE_PUBLIC": "2020-02-04T05:00:00.000Z",
 "ID": "CVE-2020-3939",
 "STATE": "PUBLIC",
diff --git a/2020/4xxx/CVE-2020-4163.json b/2020/4xxx/CVE-2020-4163.json
index baed62cb837..33fff9e7124 100644
--- a/2020/4xxx/CVE-2020-4163.json
+++ b/2020/4xxx/CVE-2020-4163.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-4163",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "impact": {
+ "cvssv3": {
+ "TM": {
+ "E": "U",
+ "RC": "C",
+ "RL": "O"
+ },
+ "BM": {
+ "AV": "N",
+ "AC": "H",
+ "SCORE": "6.600",
+ "A": "H",
+ "I": "H",
+ "UI": "N",
+ "C": "H",
+ "PR": "H",
+ "S": "U"
+ }
+ }
 },
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.",
+ "lang": "eng"
 }
 ]
+ },
+ "data_version": "4.0",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Gain Privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "title": "IBM Security Bulletin 1288786 (WebSphere Application Server)",
+ "url": "https://www.ibm.com/support/pages/node/1288786",
+ "name": "https://www.ibm.com/support/pages/node/1288786"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174397",
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF",
+ "name": "ibm-websphere-cve20204163-code-exec (174397)"
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.0"
+ },
+ {
+ "version_value": "8.0"
+ },
+ {
+ "version_value": "8.5"
+ },
+ {
+ "version_value": "9.0"
+ }
+ ]
+ },
+ "product_name": "WebSphere Application Server"
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
+ ]
+ }
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2020-4163",
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2020-02-03T00:00:00"
 }
 }
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5208.json b/2020/5xxx/CVE-2020-5208.json
index 9aba7462411..ac733ffed4f 100644
--- a/2020/5xxx/CVE-2020-5208.json
+++ b/2020/5xxx/CVE-2020-5208.json
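Review bot: The `problemtype` added for CVE-2020-4163 is the free-text `"Gain Privileges"`, while the description in the same hunk speaks of a crafted file name being executed as jsp content and the XF reference is named `ibm-websphere-cve20204163-code-exec`; a CWE identifier matching the described flaw (to be chosen by the assigner, none is visible here) would let the record be triaged and filtered by weakness class. `"SCORE": "6.600"` is a string, so consumers that compare scores numerically have to convert it first, where the GitHub and Dell records in this diff use a bare number for `baseScore`. `"DATE_PUBLIC": "2020-02-03T00:00:00"` carries no zone; append `Z` or an offset if UTC is meant.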
@@ -1,18 +1,107 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5208",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "remote code execution vulnerability in ipmitool"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ipmitool",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "< 1.8.19"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "ipmitool"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp"
+ },
+ {
+ "name": "https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2",
+ "refsource": "MISC",
+ "url": "https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2098-1] ipmitool security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00006.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-92cc67ff5a",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYYEKUAUTCWICM77HOEGZDVVEUJLP4BP/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-eb0cf4d268",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K2BPW66KDP4H36AGZXLED57A3O2Y6EQW/"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-g659-9qxw-p7cp",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5227.json b/2020/5xxx/CVE-2020-5227.json
index a6a8b3a27b1..356d14b248f 100644
--- a/2020/5xxx/CVE-2020-5227.json
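Review bot: The ipmitool `version_data` entry states the comparison twice, `"version_affected": "<"` together with `"version_value": "< 1.8.19"`, so a consumer that joins the two fields gets `< < 1.8.19` and one that parses `version_value` as a version number fails on it. Keep the operator in `version_affected` only and write `"version_value": "1.8.19"`. The CVSS block also sets `"availabilityImpact": "NONE"` (`A:N` in the vector) although the description names buffer overflows with possible remote code execution, so the vector is worth confirming with the assigner before the score is used for prioritisation.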
+++ b/2020/5xxx/CVE-2020-5227.json
@@ -83,6 +83,11 @@
 "name": "https://github.com/lkiesow/python-feedgen/commit/f57a01b20fa4aaaeccfa417f28e66b4084b9d0cf",
 "refsource": "MISC",
 "url": "https://github.com/lkiesow/python-feedgen/commit/f57a01b20fa4aaaeccfa417f28e66b4084b9d0cf"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-8493201e90",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6I5ENUYGFNMIH6ZQ62FZ6VU2WD3SIOI/"
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5237.json b/2020/5xxx/CVE-2020-5237.json
index ffcf8e7bd47..b6341127fae 100644
--- a/2020/5xxx/CVE-2020-5237.json
+++ b/2020/5xxx/CVE-2020-5237.json
@@ -1,18 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5237",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Relative Path Traversal in oneup/uploader-bundle"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "oneup/uploader-bundle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 1.9.3"
+ },
+ {
+ "version_value": ">= 2.0.0, < 2.1.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "1up-lab"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to upload files to arbitrary folders on the filesystem. The assembly process can further be misused with some restrictions to delete and copy files to other locations. This is fixed in versions 1.9.3 and 2.1.5."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-23: Relative Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/1up-lab/OneupUploaderBundle/security/advisories/GHSA-x8wj-6m73-gfqp",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/1up-lab/OneupUploaderBundle/security/advisories/GHSA-x8wj-6m73-gfqp"
+ },
+ {
+ "name": "https://github.com/1up-lab/OneupUploaderBundle/commit/a6011449b716f163fe1ae323053077e59212350c",
+ "refsource": "MISC",
+ "url": "https://github.com/1up-lab/OneupUploaderBundle/commit/a6011449b716f163fe1ae323053077e59212350c"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-x8wj-6m73-gfqp",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5239.json b/2020/5xxx/CVE-2020-5239.json
index e276af2efa8..6c3f8fb8e42 100644
--- a/2020/5xxx/CVE-2020-5239.json
+++ b/2020/5xxx/CVE-2020-5239.json
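Review bot: The affected ranges for oneup/uploader-bundle are written into `version_value` as expressions (`"< 1.9.3"`, `">= 2.0.0, < 2.1.5"`) with no `version_affected` field, so a tool cannot match an installed version without parsing free text; CVE-2020-5239 (`"< 1.7"`) and CVE-2020-5241 (`"< 0.7.4"`) further down do the same. For the single-bound entries, `"version_affected": "<", "version_value": "1.9.3"` would make the data machine-comparable. The description's "before 1.9.3 and 2.1.5" also reads as if every release below 2.1.5 were affected, whereas `version_data` puts the lower bound of the second range at 2.0.0; the two should say the same thing.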
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5239",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Unspecified vulnerability in the fetchmail script in Mailu"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mailu",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 1.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mailu"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/Mailu/Mailu/security/advisories/GHSA-2467-p5gv-58q6",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/Mailu/Mailu/security/advisories/GHSA-2467-p5gv-58q6"
+ },
+ {
+ "name": "https://github.com/Mailu/Mailu/issues/1354",
+ "refsource": "MISC",
+ "url": "https://github.com/Mailu/Mailu/issues/1354"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2467-p5gv-58q6",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5241.json b/2020/5xxx/CVE-2020-5241.json
index ce297b9adea..44e298e6220 100644
--- a/2020/5xxx/CVE-2020-5241.json
+++ b/2020/5xxx/CVE-2020-5241.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-5241",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "XSS/Script injection vulnerability in matestack"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "matestack-ui-core",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 0.7.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "matestack"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-3jqw-vv45-mjhh",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5317.json b/2020/5xxx/CVE-2020-5317.json
index a362926fafb..909268f05c3 100644
--- a/2020/5xxx/CVE-2020-5317.json
+++ b/2020/5xxx/CVE-2020-5317.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-01-29",
 "ID": "CVE-2020-5317",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elastic Cloud Storage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "3.4.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
+ }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 6.2,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability",
+ "name": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5318.json b/2020/5xxx/CVE-2020-5318.json
index 32bf926aecc..ac32782d990 100644
--- a/2020/5xxx/CVE-2020-5318.json
+++ b/2020/5xxx/CVE-2020-5318.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-01-29",
 "ID": "CVE-2020-5318",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Isilon OneFS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication."
+ }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability",
+ "name": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5319.json b/2020/5xxx/CVE-2020-5319.json
index 36d79832f48..572f6661382 100644
--- a/2020/5xxx/CVE-2020-5319.json
+++ b/2020/5xxx/CVE-2020-5319.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-01-20",
 "ID": "CVE-2020-5319",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Unity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.0.2.0.5.009"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence."
+ }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-129: Improper Validation of Array Index"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/security/en-us/details/540336/DSA-2020-019-Dell-EMC-Unity-Family-Dell-EMC-Unity-XT-Family-Denial-of-Service-Vulnerability",
+ "name": "https://www.dell.com/support/security/en-us/details/540336/DSA-2020-019-Dell-EMC-Unity-Family-Dell-EMC-Unity-XT-Family-Denial-of-Service-Vulnerability"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5399.json b/2020/5xxx/CVE-2020-5399.json
index 0d4fd0d941e..7250c7d7c57 100644
--- a/2020/5xxx/CVE-2020-5399.json
+++ b/2020/5xxx/CVE-2020-5399.json
@@ -3,16 +3,83 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@pivotal.io",
+ "DATE_PUBLIC": "2020-02-12T00:00:00.000Z",
 "ID": "CVE-2020-5399",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "CredHub does not properly enable TLS for MySQL database connections"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CredHub",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "Edge",
+ "version_value": "2.5.10"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cloud Foundry"
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-319: Cleartext Transmission of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.cloudfoundry.org/blog/cve-2020-5399",
+ "name": "https://www.cloudfoundry.org/blog/cve-2020-5399"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5528.json b/2020/5xxx/CVE-2020-5528.json
index 7c6598d0e2b..af126eaf87e 100644
--- a/2020/5xxx/CVE-2020-5528.json
+++ b/2020/5xxx/CVE-2020-5528.json
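Review bot: The CredHub version entry uses the key `"affected": "<"`, whereas the ipmitool and Dell records in this diff use `"version_affected"`; a consumer that reads only one of the two keys loses the `<` and ends up treating 2.5.10, the fixed release, as the affected one. Unless the schema in use accepts both names, rename it to `"version_affected": "<"`. The vector rates availability as high (`A:H`) while the description speaks only of eavesdropping on the database connection, so that metric is worth confirming with the assigner.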
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-5528",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html",
+ "refsource": "MISC",
+ "name": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html"
+ },
+ {
+ "url": "http://jvn.jp/en/jp/JVN94435544/index.html",
+ "refsource": "MISC",
+ "name": "http://jvn.jp/en/jp/JVN94435544/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL."
+ }
 ]
+ },
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)"
+ }
+ ]
+ },
+ "product_name": "Movable Type series"
+ }
+ ]
+ },
+ "vendor_name": "Six Apart Ltd"
+ }
+ ]
+ }
+ },
+ "CVE_data_meta": {
+ "ID": "CVE-2020-5528",
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
 ]
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5529.json b/2020/5xxx/CVE-2020-5529.json
index 57f9d82d3c3..08034250d1d 100644
--- a/2020/5xxx/CVE-2020-5529.json
+++ b/2020/5xxx/CVE-2020-5529.json
@@ -4,15 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5529",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HtmlUnit",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to 2.37.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "HtmlUnit Project"
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
+ },
+ {
+ "name": "https://jvn.jp/en/jp/JVN34535327/",
+ "refsource": "JVN",
+ "url": "https://jvn.jp/en/jp/JVN34535327/"
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2020/5xxx/CVE-2020-5531.json b/2020/5xxx/CVE-2020-5531.json
index fa1038e8344..1b2e151b7eb 100644
--- a/2020/5xxx/CVE-2020-5531.json
+++ b/2020/5xxx/CVE-2020-5531.json
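Review bot: The new description misspells JavaScript as "JavScript" in its second sentence ("hence a malicious JavScript code can execute arbitrary Java code"), so a keyword search for JavaScript-related issues misses this record on that sentence; it should read `JavaScript`, as the following sentence already does. `"version_value": "prior to 2.37.0"` puts the comparison into free text; `"version_affected": "<", "version_value": "2.37.0"` would let tools match installed versions. The `problemtype` value `"Remote code execution"` is an impact rather than a weakness class, so a CWE identifier chosen by the assigner would make the record easier to filter.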
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-003_en.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2019-003_en.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU95424547/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU95424547/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors." 
+ } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before)" + } + ] + }, + "product_name": "Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000" + } + ] + }, + "vendor_name": "Mitsubishi Electric Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5531", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service (DoS) and malware execution" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5532.json b/2020/5xxx/CVE-2020-5532.json index 9f94c0ce409..e0fba761ca5 100644 --- a/2020/5xxx/CVE-2020-5532.json +++ b/2020/5xxx/CVE-2020-5532.json 
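Review bot: The jvn.jp advisory in the added `references` block is tagged `"refsource": "MISC"`, while the CVE-2020-5529 record in this same commit tags its jvn.jp link `"refsource": "JVN"`. Tooling that picks out the coordinator advisory by refsource will miss this entry. Use `"refsource": "JVN"` for `https://jvn.jp/en/vu/JVNVU95424547/index.html`, and likewise for the jvn.jp entry in the CVE-2020-5532 hunk. The closing clause of the description, "to cause a denial of service and/or malware being executed", would read more clearly as `to cause a denial of service and/or execute malware`.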
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "http://jvn.jp/en/jp/JVN35496038/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN35496038/index.html" + }, + { + "url": "https://play.google.com/store/apps/details?id=jp.extrun.ilbo&hl=en", + "refsource": "MISC", + "name": "https://play.google.com/store/apps/details?id=jp.extrun.ilbo&hl=en" + }, + { + "url": "https://apps.apple.com/us/app/ilbo/id1116864683", + "refsource": "MISC", + "name": "https://apps.apple.com/us/app/ilbo/id1116864683" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.0" + } + ] + }, + "product_name": "ilbo App" + } + ] + }, + "vendor_name": "EXTRUN Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5532", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] } ] } 
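Review bot: The iOS fixed version differs between the two added fields: `description` says "prior to version 1.2.01" while `version_value` says "prior to version 1.2.0", so the record does not establish which iOS builds are affected. Confirm the number against the JVN advisory and use the same string in both places, e.g. `ilbo App for iOS prior to version <confirmed version>`. The JVN reference is also given as `http://jvn.jp/...` where the other jvn.jp links in this commit use `https://`; if it resolves, `https://jvn.jp/en/jp/JVN35496038/index.html` is preferable for an advisory link.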
diff --git a/2020/5xxx/CVE-2020-5720.json b/2020/5xxx/CVE-2020-5720.json index 5f6876d4f9a..95cf0e09e58 100644 --- a/2020/5xxx/CVE-2020-5720.json +++ b/2020/5xxx/CVE-2020-5720.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MikroTik WinBox", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 3.21" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal File Writing (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-07", + "url": "https://www.tenable.com/security/research/tra-2020-07" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack." } ] } diff --git a/2020/5xxx/CVE-2020-5820.json b/2020/5xxx/CVE-2020-5820.json index ca743a2bed9..7779459a232 100644 --- a/2020/5xxx/CVE-2020-5820.json +++ b/2020/5xxx/CVE-2020-5820.json 
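Review bot: `"vendor_name": "n/a"` is added directly above `"product_name": "MikroTik WinBox"`, so vendor-keyed lookups will not find this record even though the vendor is named in the product string. `"vendor_name": "MikroTik"` with `"product_name": "WinBox"` would fix that. The same `n/a` vendor appears in the Symantec hunks that follow (CVE-2020-5820 through CVE-2020-5831), where `"vendor_name": "Symantec"` applies. The description also contains the typo "wherevere", which should read `wherever WinBox has write permissions`.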
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user." } ] } diff --git a/2020/5xxx/CVE-2020-5821.json b/2020/5xxx/CVE-2020-5821.json index 2688ef8ae41..e4349f761b1 100644 --- a/2020/5xxx/CVE-2020-5821.json +++ b/2020/5xxx/CVE-2020-5821.json 
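Review bot: The description, problemtype and reference added here are word-for-word the same as those added for CVE-2020-5822 and CVE-2020-5823, so the three IDs cannot be told apart from the records and are likely to be collapsed as duplicates during triage. Each description needs the distinguishing detail from the vendor advisory, for example `... a privilege escalation vulnerability in <affected component per SYMSA1505>, which ...`. As written, the text only defines privilege escalation in general and does not state the precondition (local or remote access, privileges required) that a defender needs to rate exposure.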
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit." } ] } diff --git a/2020/5xxx/CVE-2020-5822.json b/2020/5xxx/CVE-2020-5822.json index 9207eb79f53..e22f78a01ca 100644 --- a/2020/5xxx/CVE-2020-5822.json +++ b/2020/5xxx/CVE-2020-5822.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5822", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user." } ] } diff --git a/2020/5xxx/CVE-2020-5823.json b/2020/5xxx/CVE-2020-5823.json index c02a24016ff..dfd6f0cd396 100644 --- a/2020/5xxx/CVE-2020-5823.json +++ b/2020/5xxx/CVE-2020-5823.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5823", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user." } ] } diff --git a/2020/5xxx/CVE-2020-5824.json b/2020/5xxx/CVE-2020-5824.json index d502be4bfe1..d7129bbc185 100644 --- a/2020/5xxx/CVE-2020-5824.json +++ b/2020/5xxx/CVE-2020-5824.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5824", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable." } ] } diff --git a/2020/5xxx/CVE-2020-5825.json b/2020/5xxx/CVE-2020-5825.json index b3492d49ae8..5ecb876f962 100644 --- a/2020/5xxx/CVE-2020-5825.json +++ b/2020/5xxx/CVE-2020-5825.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5825", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges." } ] } diff --git a/2020/5xxx/CVE-2020-5826.json b/2020/5xxx/CVE-2020-5826.json index b6887a71df7..d6a93b40a72 100644 --- a/2020/5xxx/CVE-2020-5826.json +++ b/2020/5xxx/CVE-2020-5826.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5826", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program." } ] } diff --git a/2020/5xxx/CVE-2020-5827.json b/2020/5xxx/CVE-2020-5827.json index e4a2f6448ca..3c1f1cafcc3 100644 --- a/2020/5xxx/CVE-2020-5827.json +++ b/2020/5xxx/CVE-2020-5827.json 
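Review bot: The added problemtype `"value": "Out of Bounds"` does not say whether the access is a read or a write, although the description below it speaks of "reading memory outside of the bounds". `"value": "Out-of-bounds Read (CWE-125)"` would let consumers map the record to a weakness class. The same applies to the CVE-2020-5827 through CVE-2020-5831 hunks. Those five records are also identical to one another apart from the ID, so each needs a distinguishing detail from the advisory.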
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection Manager (SEPM)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program." } ] } diff --git a/2020/5xxx/CVE-2020-5828.json b/2020/5xxx/CVE-2020-5828.json index d63fbbaadce..f5867a19f1a 100644 --- a/2020/5xxx/CVE-2020-5828.json +++ b/2020/5xxx/CVE-2020-5828.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection Manager (SEPM)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program." } ] } diff --git a/2020/5xxx/CVE-2020-5829.json b/2020/5xxx/CVE-2020-5829.json index 05c9b5eacfc..3d484c932e9 100644 --- a/2020/5xxx/CVE-2020-5829.json +++ b/2020/5xxx/CVE-2020-5829.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5829", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection Manager (SEPM)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program." } ] } diff --git a/2020/5xxx/CVE-2020-5830.json b/2020/5xxx/CVE-2020-5830.json index c91c9ce20a8..9b36414bd4f 100644 --- a/2020/5xxx/CVE-2020-5830.json +++ b/2020/5xxx/CVE-2020-5830.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5830", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection Manager (SEPM)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program." } ] } diff --git a/2020/5xxx/CVE-2020-5831.json b/2020/5xxx/CVE-2020-5831.json index 9e4dd36bd5a..f566c10a777 100644 --- a/2020/5xxx/CVE-2020-5831.json +++ b/2020/5xxx/CVE-2020-5831.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5831", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection Manager (SEPM)", + "version": { + "version_data": [ + { + "version_value": "Prior to 14.2 RU2 MP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.symantec.com/us/en/article.SYMSA1505.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1505.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program." } ] } diff --git a/2020/5xxx/CVE-2020-5854.json b/2020/5xxx/CVE-2020-5854.json index 90ac4d24717..29f96cd2d7b 100644 --- a/2020/5xxx/CVE-2020-5854.json +++ b/2020/5xxx/CVE-2020-5854.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "15.0.0-15.0.1.1" + }, + { + "version_value": "14.1.0-14.1.2.2" + }, + { + "version_value": "14.0.0-14.0.1" + }, + { + "version_value": "13.1.0-13.1.3.1" + }, + { + "version_value": "12.1.0-12.1.5" + }, + { + "version_value": "11.6.0-11.6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K50046200", + "url": "https://support.f5.com/csp/article/K50046200" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made." } ] } diff --git a/2020/5xxx/CVE-2020-5855.json b/2020/5xxx/CVE-2020-5855.json index 63b2fff0def..d37f698d9b1 100644 --- a/2020/5xxx/CVE-2020-5855.json +++ b/2020/5xxx/CVE-2020-5855.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "Edge Client for Windows", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K55102004", + "url": "https://support.f5.com/csp/article/K55102004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user." } ] } diff --git a/2020/5xxx/CVE-2020-5856.json b/2020/5xxx/CVE-2020-5856.json index a119537ab25..5da5c53d31a 100644 --- a/2020/5xxx/CVE-2020-5856.json +++ b/2020/5xxx/CVE-2020-5856.json 
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "15.0.0-15.0.1.1" + }, + { + "version_value": "14.1.0-14.1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K00025388", + "url": "https://support.f5.com/csp/article/K00025388" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart." } ] } diff --git a/2020/6xxx/CVE-2020-6058.json b/2020/6xxx/CVE-2020-6058.json index f90e4a10fa7..a5a970fe279 100644 --- a/2020/6xxx/CVE-2020-6058.json +++ b/2020/6xxx/CVE-2020-6058.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Mini-SNMPD", + "version": { + "version_data": [ + { + "version_value": "Mini-SNMPD 1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0975", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0975" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server." } ] } diff --git a/2020/6xxx/CVE-2020-6059.json b/2020/6xxx/CVE-2020-6059.json index 8065c4db816..f89d043b8f4 100644 --- a/2020/6xxx/CVE-2020-6059.json +++ b/2020/6xxx/CVE-2020-6059.json 
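Review bot: The `problemtype` value `"Integer Overflow or Wraparound"` does not match the description in this record, which describes an out-of-bounds read while parsing SNMP packets; the CVE-2020-6059 hunk has the same mismatch. If an integer overflow is the root cause and the out-of-bounds read its effect, the description should say so; otherwise the entry should read `"value": "Out-of-bounds Read"`. As written, anyone triaging by weakness class files both records under the wrong category. Both records also set `"vendor_name": "n/a"` and repeat the product name inside the version (`"Mini-SNMPD 1.4"`), where `"version_value": "1.4"` would match cleanly.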
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Mini-SNMPD", + "version": { + "version_data": [ + { + "version_value": "Mini-SNMPD 1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0976", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0976" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server." } ] } diff --git a/2020/6xxx/CVE-2020-6060.json b/2020/6xxx/CVE-2020-6060.json index 4ad00768687..d45d2da5cd6 100644 --- a/2020/6xxx/CVE-2020-6060.json +++ b/2020/6xxx/CVE-2020-6060.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Mini-SNMPD", + "version": { + "version_data": [ + { + "version_value": "Mini-SNMPD 1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0977", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0977" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server." } ] } diff --git a/2020/6xxx/CVE-2020-6063.json b/2020/6xxx/CVE-2020-6063.json index a1ec856f06b..b3d6f086c9c 100644 --- a/2020/6xxx/CVE-2020-6063.json +++ b/2020/6xxx/CVE-2020-6063.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0986", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0986" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6064.json b/2020/6xxx/CVE-2020-6064.json index 43878a1fd4c..1b5f4dccf55 100644 --- a/2020/6xxx/CVE-2020-6064.json +++ b/2020/6xxx/CVE-2020-6064.json 
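Review bot: The `affects` block puts the vendor in the product field: `"product_name": "Accusoft"` with `"vendor_name": "n/a"`, and the actual product appears only inside `"version_value": "Accusoft ImageGear 19.5.0"`; the CVE-2020-6064 through CVE-2020-6069 hunks repeat this. Inventory or scanner matching keyed on vendor and product will not find ImageGear from these records. I would set `"vendor_name": "Accusoft"`, `"product_name": "ImageGear"` and `"version_value": "19.5.0"`. Separately, this description is word for word the same as the CVE-2020-6064 one (both name `uncompress_scan_line` and PCX) although the two cite different Talos reports, so one of them may be a copy and should be checked against its advisory.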
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6064", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0987", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0987" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6065.json b/2020/6xxx/CVE-2020-6065.json index d087a3edcfd..1427c01e149 100644 --- a/2020/6xxx/CVE-2020-6065.json +++ b/2020/6xxx/CVE-2020-6065.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6065", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0989", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0989" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6066.json b/2020/6xxx/CVE-2020-6066.json index 7a12d9f1bc7..9fa3c1f272a 100644 --- a/2020/6xxx/CVE-2020-6066.json +++ b/2020/6xxx/CVE-2020-6066.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0990", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0990" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6067.json b/2020/6xxx/CVE-2020-6067.json index 37b54ddd56e..f9feb98e0bc 100644 --- a/2020/6xxx/CVE-2020-6067.json +++ b/2020/6xxx/CVE-2020-6067.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0991", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0991" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6068.json b/2020/6xxx/CVE-2020-6068.json index e6fda3527bc..111d7cfd349 100644 --- a/2020/6xxx/CVE-2020-6068.json +++ b/2020/6xxx/CVE-2020-6068.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6068", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0992", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0992" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6069.json b/2020/6xxx/CVE-2020-6069.json index 8c0e0fbede7..0854e320574 100644 --- a/2020/6xxx/CVE-2020-6069.json +++ b/2020/6xxx/CVE-2020-6069.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6069", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0993", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0993" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6174.json b/2020/6xxx/CVE-2020-6174.json index 1dec1b09992..6eaeff112b7 100644 --- a/2020/6xxx/CVE-2020-6174.json +++ b/2020/6xxx/CVE-2020-6174.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6174", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6174", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/theupdateframework/tuf/pull/974", + "url": "https://github.com/theupdateframework/tuf/pull/974" } ] } diff --git a/2020/6xxx/CVE-2020-6177.json b/2020/6xxx/CVE-2020-6177.json index 9ed74a310b7..cc5e206a7e5 100644 --- a/2020/6xxx/CVE-2020-6177.json +++ b/2020/6xxx/CVE-2020-6177.json 
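Review bot: `problemtype` is published as `"value": "n/a"` although the description names the weakness, and the affected product and version bound (TUF, through 0.12.1) appear only in free text while `vendor_name`, `product_name` and `version_value` are all `"n/a"`. A signature-verification flaw in an update framework is exactly what downstream users need to match automatically. I would set the problem type to `"value": "CWE-347: Improper Verification of Cryptographic Signature"` and move the product name and version bound into `affects`. The hunk also reorders the top-level keys, which adds diff noise unrelated to publishing the record.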
@@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Mobile Platform", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing XML Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2880993", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2880993" + }, + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" } ] } diff --git a/2020/6xxx/CVE-2020-6181.json b/2020/6xxx/CVE-2020-6181.json index e444befff0f..4bdc2f79540 100644 --- a/2020/6xxx/CVE-2020-6181.json +++ b/2020/6xxx/CVE-2020-6181.json 
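Review bot: The comparison operator is stored in `version_name` (`"version_name": "="`), which is a free-text name field; the CVE JSON 4.0 format carries the operator in `version_affected`, so the entry would read `"version_affected": "=", "version_value": "3.0"`. The other SAP records in this diff (CVE-2020-6181, -6183, -6184, -6185, -6186, -6187) follow the same pattern, with `"<"` in the CVE-2020-6184 hunk. `baseScore` is also a quoted string (`"4.3"`) rather than a number, so consumers must coerce it before comparing or sorting severities.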
@@ -4,14 +4,110 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.02" + }, + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + } + ] + } + }, + { + "product_name": "SAP ABAP Platform (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.50" + }, + { + "version_name": "=", + "version_value": "7.51" + }, + { + "version_name": "=", + "version_value": "7.52" + }, + { + "version_name": "=", + "version_value": "7.53" + }, + { + "version_name": "=", + "version_value": "7.54" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Response Splitting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2880744", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2880744" } ] } diff --git a/2020/6xxx/CVE-2020-6183.json b/2020/6xxx/CVE-2020-6183.json index d2007b8acee..d1e655d87f4 100644 --- a/2020/6xxx/CVE-2020-6183.json +++ b/2020/6xxx/CVE-2020-6183.json 
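Review bot: The CVE-2020-6181 description has an unclosed parenthesis and what looks like a wrong word: `SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (` never closes the first group, and `invalidated data` presumably means unvalidated data, which is the actual precondition for response splitting. The versions are written `702`/`730` in the text but `7.02`/`7.30` in `version_data`, so a text search and the structured fields disagree. Suggested wording: `SAP NetWeaver (SAP_BASIS versions 7.02, 7.30, 7.31, 7.40) and SAP ABAP Platform (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) allows an attacker to include unvalidated data in the HTTP response header`.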
@@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Host Agent", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.21" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2836445", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2836445" } ] } diff --git a/2020/6xxx/CVE-2020-6184.json b/2020/6xxx/CVE-2020-6184.json index 46ee66c1610..d9436d4aa67 100644 --- a/2020/6xxx/CVE-2020-6184.json 
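Review bot: The description states that an unprivileged user can `read the shared memory or write to the shared memory`, but the vector in `impact` is `C:L/I:N/A:N`, which records no integrity impact. One of the two is likely inaccurate: either the write path has no security effect and the description should say so, or the vector should carry an integrity component and the `5.3` base score be recomputed. The `problemtype` of `Missing Authorization Check` is consistent with either reading, so it does not settle the question; the SAP note cited in `references` should.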
+++ b/2020/6xxx/CVE-2020-6184.json 
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "Automated Note Search Tool (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.0" + }, + { + "version_name": "<", + "version_value": "7.01" + }, + { + "version_name": "<", + "version_value": "7.02" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.4" + }, + { + "version_name": "<", + "version_value": "7.5" + }, + { + "version_name": "<", + "version_value": "7.51" + }, + { + "version_name": "<", + "version_value": "7.52" + }, + { + "version_name": "<", + "version_value": "7.53" + }, + { + "version_name": "<", + "version_value": "7.54" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2863397", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2863397" + }, + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" } ] } diff --git a/2020/6xxx/CVE-2020-6185.json b/2020/6xxx/CVE-2020-6185.json index 4ff46f92430..e08ab67cc75 100644 --- a/2020/6xxx/CVE-2020-6185.json +++ b/2020/6xxx/CVE-2020-6185.json 
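Review bot: The three parts of the CVE-2020-6184 record describe different issues: `affects` lists `Automated Note Search Tool (SAP Basis)` with `<` bounds, `problemtype` says `Missing Authorization Check`, and the description is a reflected XSS in ABAP Online Community for SAP_BASIS 7.40 to 7.54, which is what the vector (`UI:R/S:C/C:L/I:L`) fits. The `affects` and `problemtype` blocks look copied from another record and should be checked against the SAP note cited in `references`. If the description is the correct part, the problem type should read `"value": "Reflected Cross-Site Scripting"` and the product list should mirror the CVE-2020-6185 hunk (SAP NetWeaver 7.40, SAP S/4HANA 7.50 to 7.54). As published, version matching would flag the wrong product and miss the affected one.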
@@ -4,14 +4,98 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.40" + } + ] + } + }, + { + "product_name": "SAP S/4HANA (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.50" + }, + { + "version_name": "=", + "version_value": "7.51" + }, + { + "version_name": "=", + "version_value": "7.52" + }, + { + "version_name": "=", + "version_value": "7.53" + }, + { + "version_name": "=", + "version_value": "7.54" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2880869", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2880869" } ] } diff --git a/2020/6xxx/CVE-2020-6186.json b/2020/6xxx/CVE-2020-6186.json index 5c760a59f8a..44965ad28cd 100644 --- a/2020/6xxx/CVE-2020-6186.json +++ b/2020/6xxx/CVE-2020-6186.json 
@@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6186", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Host Agent", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.21" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2841053", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2841053" } ] } diff --git a/2020/6xxx/CVE-2020-6187.json b/2020/6xxx/CVE-2020-6187.json index feb3d43f432..6d8b7bc8562 100644 --- a/2020/6xxx/CVE-2020-6187.json +++ b/2020/6xxx/CVE-2020-6187.json 
@@ -4,14 +4,95 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver (Guided Procedures)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.10" + }, + { + "version_name": "=", + "version_value": "7.11" + }, + { + "version_name": "=", + "version_value": "7.20" + }, + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + }, + { + "version_name": "=", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing XML Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2864415", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2864415" } ] } diff --git a/2020/6xxx/CVE-2020-6188.json b/2020/6xxx/CVE-2020-6188.json index d232d405cd5..fcefa344e73 100644 --- a/2020/6xxx/CVE-2020-6188.json +++ b/2020/6xxx/CVE-2020-6188.json 
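Review bot: `baseScore` in the added `impact.cvss` block is a JSON string (`"baseScore": "4.9"`) rather than a number, so any consumer that sorts or thresholds on severity has to coerce it first, and a strict CVSS schema check would presumably reject it. I would emit `"baseScore": 4.9`. The other SAP records in this commit (CVE-2020-6186 and CVE-2020-6188 through CVE-2020-6193) do the same.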
@@ -4,14 +4,149 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6188", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP ERP (SAP_APPL)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "6.0" + }, + { + "version_name": "=", + "version_value": "6.02" + }, + { + "version_name": "=", + "version_value": "6.03" + }, + { + "version_name": "=", + "version_value": "6.04" + }, + { + "version_name": "=", + "version_value": "6.05" + }, + { + "version_name": "=", + "version_value": "6.06" + }, + { + "version_name": "=", + "version_value": "6.16" + } + ] + } + }, + { + "product_name": "SAP ERP (SAP_FIN)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "6.17" + }, + { + "version_name": "=", + "version_value": "6.18" + }, + { + "version_name": "=", + "version_value": "7.0" + }, + { + "version_name": "=", + "version_value": "7.20" + }, + { + "version_name": "=", + "version_value": "7.30" + } + ] + } + }, + { + "product_name": "SAP S/4 HANA (S4CORE)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "1.0" + }, + { + "version_name": "=", + "version_value": "1.01" + }, + { + "version_name": "=", + "version_value": "1.02" + }, + { + "version_name": "=", + "version_value": "1.03" + }, + { + "version_name": "=", + "version_value": "1.04" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2857511", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2857511" } ] } diff --git a/2020/6xxx/CVE-2020-6189.json b/2020/6xxx/CVE-2020-6189.json index d8c30cefed3..16201b5e8f6 100644 --- a/2020/6xxx/CVE-2020-6189.json +++ b/2020/6xxx/CVE-2020-6189.json 
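Review bot: The `version_value` entries in this hunk use dotted forms (`6.0`, `6.02`, … `7.30`, `1.0` … `1.04`) while the description added in the same hunk names the releases as `600, 602, … 730` and `100 … 104`. The structured data and the prose therefore cannot be matched against each other, nor both against an asset inventory that records the component release in one spelling. One form should be used in both places; if the three-digit component release is the canonical one, that would be e.g. `"version_value": "600"`. Which spelling SAP intends is not visible from the hunk and should be confirmed against the referenced note.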
@@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6189", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Business Objects Business Intelligence Platform (CMC)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2695210", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2695210" } ] } diff --git a/2020/6xxx/CVE-2020-6190.json b/2020/6xxx/CVE-2020-6190.json index 0901cc308b9..9637c8109f2 100644 --- a/2020/6xxx/CVE-2020-6190.json +++ b/2020/6xxx/CVE-2020-6190.json 
@@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS Java (Heap Dump Application)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + }, + { + "version_name": "=", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2838835", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2838835" } ] } 
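Review bot: The CVSS vector in this hunk does not match the stated weakness: the description and `problemtype` both say Information Disclosure, but the vector is `C:N/I:L/A:N`, i.e. no confidentiality impact and a low integrity impact. The neighbouring information-disclosure record CVE-2020-6189 uses `C:L/I:N/A:N`, so the two metrics look swapped here. If that is the case the line would read `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"`; the base score stays 5.8 either way, but triage rules keyed on the confidentiality metric would miss the record as written. The vector should be rechecked against the referenced SAP note.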
diff --git a/2020/6xxx/CVE-2020-6191.json b/2020/6xxx/CVE-2020-6191.json index 0326ffb607e..301a9ecd782 100644 --- a/2020/6xxx/CVE-2020-6191.json +++ b/2020/6xxx/CVE-2020-6191.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Landscape Management", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2878030", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2878030" } ] } diff --git a/2020/6xxx/CVE-2020-6192.json b/2020/6xxx/CVE-2020-6192.json index 6c4dbcc13a8..d2ac845756d 100644 
--- a/2020/6xxx/CVE-2020-6192.json +++ b/2020/6xxx/CVE-2020-6192.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Landscape Management", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2877968", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2877968" + }, + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" } ] } diff --git a/2020/6xxx/CVE-2020-6193.json b/2020/6xxx/CVE-2020-6193.json index 5956781476f..3bcd3a251d7 100644 --- a/2020/6xxx/CVE-2020-6193.json +++ b/2020/6xxx/CVE-2020-6193.json 
@@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6193", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver (Knowledge Management ICE Service)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + }, + { + "version_name": "=", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2873012", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2873012" } ] } 
diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json
index e29546eabb1..99f5cfa5798 100644
--- a/2020/6xxx/CVE-2020-6377.json
+++ b/2020/6xxx/CVE-2020-6377.json
@@ -4,7 +4,7 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6377",
- "ASSIGNER": "security@google.com",
+ "ASSIGNER": "chrome-cve-admin@google.com",
 "STATE": "PUBLIC"
 },
 "affects": {
diff --git a/2020/6xxx/CVE-2020-6378.json b/2020/6xxx/CVE-2020-6378.json
index 40c330864b5..bdefebd8e98 100644
--- a/2020/6xxx/CVE-2020-6378.json
+++ b/2020/6xxx/CVE-2020-6378.json
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "79.0.3945.130", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1018677", + "refsource": "MISC", + "name": "https://crbug.com/1018677" + }, + { + "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6379.json b/2020/6xxx/CVE-2020-6379.json index ff03a0eb4eb..593994553b3 100644 --- a/2020/6xxx/CVE-2020-6379.json +++ b/2020/6xxx/CVE-2020-6379.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6379", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "79.0.3945.130", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html" + }, + { + "url": "https://crbug.com/1033407", + "refsource": "MISC", + "name": "https://crbug.com/1033407" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6380.json b/2020/6xxx/CVE-2020-6380.json index 898b1dc758b..4f61baea18f 100644 --- a/2020/6xxx/CVE-2020-6380.json +++ b/2020/6xxx/CVE-2020-6380.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6380", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "79.0.3945.130", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html" + }, + { + "url": "https://crbug.com/1032170", + "refsource": "MISC", + "name": "https://crbug.com/1032170" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension." } ] } diff --git a/2020/6xxx/CVE-2020-6381.json b/2020/6xxx/CVE-2020-6381.json index edcaa4427a2..f51cad9a2de 100644 --- a/2020/6xxx/CVE-2020-6381.json +++ b/2020/6xxx/CVE-2020-6381.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6381", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1034394", + "refsource": "MISC", + "name": "https://crbug.com/1034394" + }, + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6382.json b/2020/6xxx/CVE-2020-6382.json index 5e549354204..573a1a475d7 100644 --- a/2020/6xxx/CVE-2020-6382.json +++ b/2020/6xxx/CVE-2020-6382.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1031909", + "refsource": "MISC", + "name": "https://crbug.com/1031909" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6385.json b/2020/6xxx/CVE-2020-6385.json index efe29da16c6..dd4ccf3efb8 100644 --- a/2020/6xxx/CVE-2020-6385.json +++ b/2020/6xxx/CVE-2020-6385.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6385", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1035399", + "refsource": "MISC", + "name": "https://crbug.com/1035399" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6387.json b/2020/6xxx/CVE-2020-6387.json index 3a6a316856d..205c6c06267 100644 --- a/2020/6xxx/CVE-2020-6387.json +++ b/2020/6xxx/CVE-2020-6387.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1042535", + "refsource": "MISC", + "name": "https://crbug.com/1042535" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream." } ] } diff --git a/2020/6xxx/CVE-2020-6388.json b/2020/6xxx/CVE-2020-6388.json index 71621d79187..c4d3da0c4d7 100644 --- a/2020/6xxx/CVE-2020-6388.json +++ b/2020/6xxx/CVE-2020-6388.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds memory access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1042879", + "refsource": "MISC", + "name": "https://crbug.com/1042879" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6389.json b/2020/6xxx/CVE-2020-6389.json index 8b030dacf48..aafd2041d01 100644 --- a/2020/6xxx/CVE-2020-6389.json +++ b/2020/6xxx/CVE-2020-6389.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1042933", + "refsource": "MISC", + "name": "https://crbug.com/1042933" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream." } ] } diff --git a/2020/6xxx/CVE-2020-6390.json b/2020/6xxx/CVE-2020-6390.json index 6cd2d8163e0..d707ee2cd0d 100644 --- a/2020/6xxx/CVE-2020-6390.json +++ b/2020/6xxx/CVE-2020-6390.json 
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6390",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds memory access"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1045874",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1045874"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6391.json b/2020/6xxx/CVE-2020-6391.json
index 1d8c263a066..0dd750ddf7b 100644
--- a/2020/6xxx/CVE-2020-6391.json
+++ b/2020/6xxx/CVE-2020-6391.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6391",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient validation of untrusted input"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1017871",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1017871"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6392.json b/2020/6xxx/CVE-2020-6392.json
index afa42c142f1..1e847ab9af4 100644
--- a/2020/6xxx/CVE-2020-6392.json
+++ b/2020/6xxx/CVE-2020-6392.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6392",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient policy enforcement"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1030411",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1030411"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6393.json b/2020/6xxx/CVE-2020-6393.json
index 24a05f3cd50..842806a5d91 100644
--- a/2020/6xxx/CVE-2020-6393.json
+++ b/2020/6xxx/CVE-2020-6393.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6393",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient policy enforcement"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1035058",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1035058"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6394.json b/2020/6xxx/CVE-2020-6394.json
index 4fc3523db5c..46880698eb8 100644
--- a/2020/6xxx/CVE-2020-6394.json
+++ b/2020/6xxx/CVE-2020-6394.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6394",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient policy enforcement"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1014371",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1014371"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6395.json b/2020/6xxx/CVE-2020-6395.json
index f18b99ca7d5..67210259840 100644
--- a/2020/6xxx/CVE-2020-6395.json
+++ b/2020/6xxx/CVE-2020-6395.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6395",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1022855",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1022855"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6396.json b/2020/6xxx/CVE-2020-6396.json
index c25c36e56ec..99c8bc7c200 100644
--- a/2020/6xxx/CVE-2020-6396.json
+++ b/2020/6xxx/CVE-2020-6396.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6396",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1035271",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1035271"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6397.json b/2020/6xxx/CVE-2020-6397.json
index 14a48d5dc51..71af3b8cb5e 100644
--- a/2020/6xxx/CVE-2020-6397.json
+++ b/2020/6xxx/CVE-2020-6397.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6397",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect security UI"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1027408",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1027408"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6398.json b/2020/6xxx/CVE-2020-6398.json
index 5ac714c8b07..21e044c0df4 100644
--- a/2020/6xxx/CVE-2020-6398.json
+++ b/2020/6xxx/CVE-2020-6398.json
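Review bot: The `problemtype` value added for CVE-2020-6397, `Incorrect security UI`, disagrees with the weakness class its own description opens with ("Inappropriate implementation in sharing"), so consumers that group or filter on the structured field will classify this record differently from anyone reading the prose. Most other records in this commit reuse the description's leading phrase as the problemtype; if that is the convention, the entry would be `"value": "Inappropriate implementation"`, otherwise the description should be aligned to the problemtype. CVE-2020-6403 shows the same mismatch (`Incorrect security UI` against "Incorrect implementation in Omnibox"). Which side is authoritative cannot be determined from the diff and should be checked against the vendor advisory.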
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6398",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uninitialized use"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1032090",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1032090"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6399.json b/2020/6xxx/CVE-2020-6399.json
index 22d232cf83d..653e45ac9a4 100644
--- a/2020/6xxx/CVE-2020-6399.json
+++ b/2020/6xxx/CVE-2020-6399.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6399",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient policy enforcement"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1039869",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1039869"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6400.json b/2020/6xxx/CVE-2020-6400.json
index 2b0ff8e7d2c..1ac59e735f5 100644
--- a/2020/6xxx/CVE-2020-6400.json
+++ b/2020/6xxx/CVE-2020-6400.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6400",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1038036",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1038036"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6401.json b/2020/6xxx/CVE-2020-6401.json
index b08957544cb..52498ef8b1d 100644
--- a/2020/6xxx/CVE-2020-6401.json
+++ b/2020/6xxx/CVE-2020-6401.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6401",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient validation of untrusted input"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1017707",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1017707"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6402.json b/2020/6xxx/CVE-2020-6402.json
index a226bac4ce0..e1612c01ab9 100644
--- a/2020/6xxx/CVE-2020-6402.json
+++ b/2020/6xxx/CVE-2020-6402.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6402",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient policy enforcement"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1029375",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1029375"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6403.json b/2020/6xxx/CVE-2020-6403.json
index 1891fb1ba40..529a2f4ec92 100644
--- a/2020/6xxx/CVE-2020-6403.json
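Review bot: The description for CVE-2020-6402 limits the issue to Chrome on OS X, but the added `affects` block carries only product `Chrome` with `version_value` `80.0.3987.87` and `version_affected` `<`, so tooling that matches on the structured data will flag Chrome builds on every platform. If the record format in use accepts a platform qualifier on the version entry, it should be stated there, e.g. `"platform": "OS X"` beside `version_value`; otherwise consumers have to parse the description to scope the finding. CVE-2020-6403, whose description says "on iOS", has the same gap.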
+++ b/2020/6xxx/CVE-2020-6403.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6403",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect security UI"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1006012",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1006012"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6404.json b/2020/6xxx/CVE-2020-6404.json
index 4df2b06a9a5..1a9bb381b4d 100644
--- a/2020/6xxx/CVE-2020-6404.json
+++ b/2020/6xxx/CVE-2020-6404.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6404",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1024256",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1024256"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to potentially exploit heap corruption via crafted clipboard content."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6405.json b/2020/6xxx/CVE-2020-6405.json
index c56ea0ca586..c30ae46dd0f 100644
--- a/2020/6xxx/CVE-2020-6405.json
+++ b/2020/6xxx/CVE-2020-6405.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6405",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1042145",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1042145"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6406.json b/2020/6xxx/CVE-2020-6406.json
index fdcfbfeeb49..b74772d54dc 100644
--- a/2020/6xxx/CVE-2020-6406.json
+++ b/2020/6xxx/CVE-2020-6406.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6406",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "80.0.3987.87",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://crbug.com/1042254",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1042254"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:0210",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0514",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0514"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6408.json b/2020/6xxx/CVE-2020-6408.json
index be0eaa20d83..3d40685b093 100644
--- a/2020/6xxx/CVE-2020-6408.json
+++ b/2020/6xxx/CVE-2020-6408.json
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1026546", + "refsource": "MISC", + "name": "https://crbug.com/1026546" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6409.json b/2020/6xxx/CVE-2020-6409.json index 1a289cc20e2..36a0eeb512d 100644 --- a/2020/6xxx/CVE-2020-6409.json +++ b/2020/6xxx/CVE-2020-6409.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6409", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1037889", + "refsource": "MISC", + "name": "https://crbug.com/1037889" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name." } ] } diff --git a/2020/6xxx/CVE-2020-6410.json b/2020/6xxx/CVE-2020-6410.json index 0ea4a6bddee..44310f3d19d 100644 --- a/2020/6xxx/CVE-2020-6410.json +++ b/2020/6xxx/CVE-2020-6410.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/881675", + "refsource": "MISC", + "name": "https://crbug.com/881675" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name." } ] } diff --git a/2020/6xxx/CVE-2020-6411.json b/2020/6xxx/CVE-2020-6411.json index 9acb5fbe90e..e71fd609b58 100644 --- a/2020/6xxx/CVE-2020-6411.json +++ b/2020/6xxx/CVE-2020-6411.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6411", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/929711", + "refsource": "MISC", + "name": "https://crbug.com/929711" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name." } ] } diff --git a/2020/6xxx/CVE-2020-6412.json b/2020/6xxx/CVE-2020-6412.json index ef6d00298fd..cde9b5254b2 100644 --- a/2020/6xxx/CVE-2020-6412.json +++ b/2020/6xxx/CVE-2020-6412.json 
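Review bot: The `description` value added here is word-for-word the one added for CVE-2020-6412 in the next hunk, and `problemtype` matches as well, so the two records differ only in the crbug reference (929711 here, 968505 there). Someone triaging from the record alone cannot tell which Omnibox homograph case each ID covers; a short distinguishing detail taken from the respective bug, if one can be published, would fix that. The phrase `via IDN homographs via a crafted domain name` also stacks two "via" clauses and would read better as `via IDN homographs in a crafted domain name`.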
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/968505", + "refsource": "MISC", + "name": "https://crbug.com/968505" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name." } ] } diff --git a/2020/6xxx/CVE-2020-6413.json b/2020/6xxx/CVE-2020-6413.json index 0d6584ef59b..8d01501e470 100644 --- a/2020/6xxx/CVE-2020-6413.json +++ b/2020/6xxx/CVE-2020-6413.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1005713", + "refsource": "MISC", + "name": "https://crbug.com/1005713" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6414.json b/2020/6xxx/CVE-2020-6414.json index 95b1a0cda40..42d907a1923 100644 --- a/2020/6xxx/CVE-2020-6414.json +++ b/2020/6xxx/CVE-2020-6414.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1021855", + "refsource": "MISC", + "name": "https://crbug.com/1021855" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6415.json b/2020/6xxx/CVE-2020-6415.json index 914467289bd..c5fb66cf4a1 100644 --- a/2020/6xxx/CVE-2020-6415.json +++ b/2020/6xxx/CVE-2020-6415.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1029576", + "refsource": "MISC", + "name": "https://crbug.com/1029576" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6416.json b/2020/6xxx/CVE-2020-6416.json index 8392d93472b..aee5a4db0e9 100644 --- a/2020/6xxx/CVE-2020-6416.json +++ b/2020/6xxx/CVE-2020-6416.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient data validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1031895", + "refsource": "MISC", + "name": "https://crbug.com/1031895" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6417.json b/2020/6xxx/CVE-2020-6417.json index d222f161e1f..ff86ffa9164 100644 --- a/2020/6xxx/CVE-2020-6417.json +++ b/2020/6xxx/CVE-2020-6417.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "80.0.3987.87", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1033824", + "refsource": "MISC", + "name": "https://crbug.com/1033824" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0210", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0514", + "url": "https://access.redhat.com/errata/RHSA-2020:0514" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry." } ] } diff --git a/2020/6xxx/CVE-2020-6750.json b/2020/6xxx/CVE-2020-6750.json index e3f5ab6fe12..2695c0f4f55 100644 --- a/2020/6xxx/CVE-2020-6750.json +++ b/2020/6xxx/CVE-2020-6750.json 
@@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200127-0001/", "url": "https://security.netapp.com/advisory/ntap-20200127-0001/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-339d413324", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/" } ] } diff --git a/2020/6xxx/CVE-2020-6754.json b/2020/6xxx/CVE-2020-6754.json index 424ad6432ee..8d84bb931d5 100644 --- a/2020/6xxx/CVE-2020-6754.json +++ b/2020/6xxx/CVE-2020-6754.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6754", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6754", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://dotcms.com/security/SI-54", + "url": "https://dotcms.com/security/SI-54" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/dotCMS/core/issues/17796", + "url": "https://github.com/dotCMS/core/issues/17796" } ] } diff --git a/2020/6xxx/CVE-2020-6760.json b/2020/6xxx/CVE-2020-6760.json index c53b8881f07..ebf1ecb55bc 100644 --- a/2020/6xxx/CVE-2020-6760.json +++ b/2020/6xxx/CVE-2020-6760.json 
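Review bot: The `affects` block is published with `"n/a"` for vendor, product and version even though the new description names the product and the fixed release (dotCMS before 5.2.4), so tooling that matches on the structured fields will not tie this record to dotCMS. At minimum `"product_name": "dotCMS"` and `"version_value": "before 5.2.4"` could be filled in from the description. `problemtype` is also `"n/a"` where the description states directory traversal; the Bosch records later in this commit use `"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"` for that class. The CVE-2020-6760 hunk that follows has the same gap: `"n/a"` throughout, while its description names Schmid ZI 620 V400 VPN 090 routers and OS command execution via shell metacharacters.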
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6760", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6760", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/0xedh/someshit/blob/master/CVE-2020-6760.md", + "url": "https://github.com/0xedh/someshit/blob/master/CVE-2020-6760.md" } ] } diff --git a/2020/6xxx/CVE-2020-6767.json b/2020/6xxx/CVE-2020-6767.json index ae8a4f73af5..0eeee78cdc5 100644 --- a/2020/6xxx/CVE-2020-6767.json +++ b/2020/6xxx/CVE-2020-6767.json 
@@ -1,18 +1,151 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2020-01-29T13:00:00.000Z", "ID": "CVE-2020-6767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Path Traversal in Bosch Video Management System (BVMS)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "DIVAR IP 3000", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + }, + { + "product_name": "DIVAR IP 7000", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + }, + { + "product_name": "DIVAR IP all-in-one 5000", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + }, + { + "product_name": "Bosch Video Management System", + "version": { + "version_data": [ + { + "version_value": "7.0 and older" + }, + { + "version_value": "7.5 and older" + }, + { + "version_value": "8.0 through 8.0.0.329" + }, + { + "version_value": "9.0 through 9.0.0.827" + }, + { + "version_value": "10.0 through 10.0.0.1225" + } + ] + } + }, + { + "product_name": "BVMS Viewer", + "version": { + "version_data": [ + { + "version_value": "7.0 and older" + }, + { + "version_value": "7.5 and older" + }, + { + "version_value": "8.0 through 8.0.0.329" + }, + { + "version_value": "9.0 through 9.0.0.827" + }, + { + "version_value": "10.0 through 10.0.0.1225" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-381489-BT.html", + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-381489-BT.html" + } + ] + }, + "source": { + "advisory": "BOSCH-SA-381489-BT", + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6768.json b/2020/6xxx/CVE-2020-6768.json index 423c6fe6b5c..fc45d44eeb2 100644 --- a/2020/6xxx/CVE-2020-6768.json +++ b/2020/6xxx/CVE-2020-6768.json 
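Review bot: The added `description` gives the 8.0 bound as `8.0 <= 8.0.329`, while the `affects` block of the same record says `"8.0 through 8.0.0.329"`; one of the two has lost a component, and going by the 9.0 and 10.0 entries it is probably the description. The `version_data` entries are also free text (`"7.5 and older"`, `"9.0 through 9.0.0.827"`) with no `version_affected`, and `"7.0 and older"` is already covered by `"7.5 and older"`, so a consumer cannot compare versions mechanically. The CVE-2020-6768 hunk that follows uses the form `"version_affected": "<=", "version_value": "8.0.0.329"`, which this record could adopt. CVE-2020-6768's description carries the same `8.0 <= 8.0.329` text against a structured value of `8.0.0.329`.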
@@ -1,18 +1,165 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2020-01-29T13:00:00.000Z", "ID": "CVE-2020-6768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Path Traversal in Bosch Video Management System (BVMS)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DIVAR IP 3000", + "version": { + "version_data": [ + { + "configuration": "vulnerable BVMS version installed", + "version_affected": "=", + "version_value": "All" + } + ] + } + }, + { + "product_name": "DIVAR IP 7000", + "version": { + "version_data": [ + { + "configuration": "vulnerable BVMS version installed", + "version_affected": "=", + "version_value": "All" + } + ] + } + }, + { + "product_name": "DIVAR IP all-in-one 5000", + "version": { + "version_data": [ + { + "configuration": "vulnerable BVMS version installed", + "version_affected": "=", + "version_value": "All" + } + ] + } + }, + { + "product_name": "Bosch Video Management System", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.5" + }, + { + "configuration": "patch for security issue 211404, 241463 not installed", + "version_affected": "<=", + "version_value": "8.0.0.329" + }, + { + "configuration": "patch for security issue 211404, 241463 not installed", + "version_affected": "<=", + "version_value": "9.0.0.827" + }, + { + "configuration": "patch for security issue 211404, 241463 not installed", + "version_affected": "<=", + "version_value": "10.0.0.1225" + } + ] + } + }, + { + "product_name": "BVMS Viewer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.5" + }, + { + "configuration": "patch for security issue 211404, 241463 not installed", + "version_affected": "<=", + "version_value": "8.0.0.329" + }, + { + "configuration": "patch for security issue 211404, 
241463 not installed",
+ "version_affected": "<=",
+ "version_value": "9.0.0.827"
+ },
+ {
+ "configuration": "patch for security issue 211404, 241463 not installed",
+ "version_affected": "<=",
+ "version_value": "10.0.0.1225"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html",
+ "url": "https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "BOSCH-SA-815013-BT",
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6769.json b/2020/6xxx/CVE-2020-6769.json
index 9aad0180d86..8b3451e9e2d 100644
--- a/2020/6xxx/CVE-2020-6769.json
+++ b/2020/6xxx/CVE-2020-6769.json
@@ -1,18 +1,164 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2020-01-29T13:00:00.000Z",
 "ID": "CVE-2020-6769",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Missing Authentication for Critical Function in Bosch Video Streaming Gateway"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIVAR IP 2000",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "port 8023 on device's firewall opened explicitly and vulnerable VSG version installed",
+ "version_affected": "<=",
+ "version_value": "3.62.0019"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DIVAR IP 5000",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "port 8023 on device's firewall opened explicitly and vulnerable VSG version installed",
+ "version_affected": "<=",
+ "version_value": "3.80.0039"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Video Streaming Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "6.45",
+ "version_value": "6.45.08"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "6.44",
+ "version_value": "6.44.0030"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "6.43",
+ "version_value": "6.43.0023"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "6.42 and older",
+ "version_value": "6.42.10"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DIVAR IP 3000",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "vulnerable VSG version installed",
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DIVAR IP 7000",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "vulnerable VSG version installed",
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DIVAR IP all-in-one 5000",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "vulnerable VSG version installed",
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306 Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html",
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "BOSCH-SA-260625-BT",
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6770.json b/2020/6xxx/CVE-2020-6770.json
index 6fd8249ca03..c37b72f33f8 100644
--- a/2020/6xxx/CVE-2020-6770.json
+++ b/2020/6xxx/CVE-2020-6770.json
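Review bot: In the CVE-2020-6769 record the 6.44 branch is given two different upper bounds: the `version_data` entry has `"version_value": "6.44.0030"`, while the description string says `6.44 <= 6.44.022`. A consumer matching on the structured field and a reader following the description will disagree about which 6.44 builds are affected. One of the two values should be corrected against BOSCH-SA-260625-BT, the advisory this record cites, so that both read the same.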
@@ -1,18 +1,141 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2020-01-29T13:00:00.000Z",
 "ID": "CVE-2020-6770",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIVAR IP 3000",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "vulnerable BVMS MVS version installed",
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIVAR IP 7000",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "vulnerable BVMS MVS version installed",
+ "version_affected": "=",
+ "version_value": "All"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BVMS Mobile Video Service",
+ "version": {
+ "version_data": [
+ {
+ "configuration": "patch for security issue 243748 not installed",
+ "version_affected": "<=",
+ "version_value": "8.0.0.329"
+ },
+ {
+ "configuration": "patch for security issue 243748 not installed",
+ "version_affected": "<=",
+ "version_value": "9.0.0.827"
+ },
+ {
+ "configuration": "patch for security issue 243748 not installed",
+ "version_affected": "<=",
+ "version_value": "10.0.0.1225"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "7.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-885551-BT.html",
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-885551-BT.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "BOSCH-SA-885551-BT",
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6833.json b/2020/6xxx/CVE-2020-6833.json
index 9bbd4896370..fed8d923bce 100644
--- a/2020/6xxx/CVE-2020-6833.json
+++ b/2020/6xxx/CVE-2020-6833.json
@@ -1,18 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6833",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6833",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/",
+ "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6854.json b/2020/6xxx/CVE-2020-6854.json
index bc711820e75..46d1a4cf962 100644
--- a/2020/6xxx/CVE-2020-6854.json
+++ b/2020/6xxx/CVE-2020-6854.json
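Review bot: The `affects` block added for CVE-2020-6833 sets `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names the product and range (GitLab EE 11.3 and later). Tooling that matches an inventory against the structured fields rather than the free text will not associate this record with any product. Filling the fields from the description, e.g. `"vendor_name": "GitLab"`, `"product_name": "GitLab EE"`, `"version_value": "11.3 and later"`, would close that gap. The same pattern appears in the CVE-2020-6854, -6855, -6856, -7046, -7050 and -7051 hunks, and for `vendor_name` alone in the CVE-2020-6969, -6973, -6975, -7208 and -7209 hunks.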
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6854",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6854",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://change.sos-berlin.com/browse/JOC-854",
+ "url": "https://change.sos-berlin.com/browse/JOC-854"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6855.json b/2020/6xxx/CVE-2020-6855.json
index ac14361b7fb..e3d6168d8ba 100644
--- a/2020/6xxx/CVE-2020-6855.json
+++ b/2020/6xxx/CVE-2020-6855.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6855",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6855",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://change.sos-berlin.com/browse/JITL-590",
+ "url": "https://change.sos-berlin.com/browse/JITL-590"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6856.json b/2020/6xxx/CVE-2020-6856.json
index f5fb1e825a1..775eda2ceed 100644
--- a/2020/6xxx/CVE-2020-6856.json
+++ b/2020/6xxx/CVE-2020-6856.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6856",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6856",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://change.sos-berlin.com/browse/JOC-853",
+ "url": "https://change.sos-berlin.com/browse/JOC-853"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6969.json b/2020/6xxx/CVE-2020-6969.json
index 2d55439c0dd..bc0e802bd3d 100644
--- a/2020/6xxx/CVE-2020-6969.json
+++ b/2020/6xxx/CVE-2020-6969.json
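Review bot: The CVE-2020-6856 description abbreviates XML External Entity as `XEE`; the usual abbreviation is XXE, so a search for that term will not find this record. The sentence also carries two main verbs (`exists in ... allows`); dropping `exists`, as in `"An XML External Entity (XXE) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via ..."`, reads cleanly without changing what is stated. `problemtype` is left as `n/a` in this hunk; `CWE-611` (Improper Restriction of XML External Entity Reference) matches what the description says.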
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6969",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "C-More Touch Panels EA9 series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware versions prior to 6.53"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "INSUFFICIENTLY PROTECTED CREDENTIALS (CWE-522)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-035-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-035-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "It is possible to unmask credentials and other sensitive information on \u201cunprotected\u201d project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6973.json b/2020/6xxx/CVE-2020-6973.json
index d6bb6f1eaed..f0afbbd69fa 100644
--- a/2020/6xxx/CVE-2020-6973.json
+++ b/2020/6xxx/CVE-2020-6973.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6973",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Digi International ConnectPort LTS 32 MEI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6975.json b/2020/6xxx/CVE-2020-6975.json
index 1c7fc00d56d..e4145414651 100644
--- a/2020/6xxx/CVE-2020-6975.json
+++ b/2020/6xxx/CVE-2020-6975.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6975",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Digi International ConnectPort LTS 32 MEI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7039.json b/2020/7xxx/CVE-2020-7039.json
index 3266e2f61e6..5195f9d2e66 100644
--- a/2020/7xxx/CVE-2020-7039.json
+++ b/2020/7xxx/CVE-2020-7039.json
@@ -91,6 +91,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4616",
 "url": "https://www.debian.org/security/2020/dsa-4616"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0348",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0348"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json
index cc8522bd4fe..6aa7e9f724b 100644
--- a/2020/7xxx/CVE-2020-7040.json
+++ b/2020/7xxx/CVE-2020-7040.json
@@ -91,6 +91,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0119",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00054.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200205 [SECURITY] [DLA 2095-1] storebackup security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00003.html"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7046.json b/2020/7xxx/CVE-2020-7046.json
index aee66cf6ac7..f27354a8853 100644
--- a/2020/7xxx/CVE-2020-7046.json
+++ b/2020/7xxx/CVE-2020-7046.json
@@ -1,18 +1,86 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7046",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7046",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://dovecot.org/security",
+ "refsource": "MISC",
+ "name": "https://dovecot.org/security"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/02/12/1",
+ "url": "http://www.openwall.com/lists/oss-security/2020/02/12/1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html",
+ "url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7050.json b/2020/7xxx/CVE-2020-7050.json
index 5e2daa9bfdd..d7ca29a141f 100644
--- a/2020/7xxx/CVE-2020-7050.json
+++ b/2020/7xxx/CVE-2020-7050.json
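Review bot: The `impact.cvss` object added for CVE-2020-7046 has a vector but no `baseScore` or `baseSeverity`, unlike the other CVSS blocks in this commit, so consumers that prioritise on the numeric score get nothing for an unauthenticated, network-reachable denial of service. The listed metrics work out to 7.5 (HIGH), so `"baseScore": 7.5, "baseSeverity": "HIGH"` could be added alongside them. The `vectorString` also lists its metrics alphabetically rather than in the order the CVSS specification prefers; `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` is the conventional form and is less likely to trip a strict parser.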
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7050", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7050", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845", + "url": "https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845" + }, + { + "refsource": "MISC", + "name": "https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg/", + "url": "https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg/" } ] } 
diff --git a/2020/7xxx/CVE-2020-7051.json b/2020/7xxx/CVE-2020-7051.json index 5a3689796d1..7cc2f2030f0 100644 --- a/2020/7xxx/CVE-2020-7051.json +++ b/2020/7xxx/CVE-2020-7051.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7051", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7051", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845", + "url": "https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845" + }, + { + "refsource": "MISC", + "name": "https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg/", + "url": "https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg/" } ] } diff --git a/2020/7xxx/CVE-2020-7053.json b/2020/7xxx/CVE-2020-7053.json index ed770d9586f..c8846b6e742 100644 --- a/2020/7xxx/CVE-2020-7053.json 
+++ b/2020/7xxx/CVE-2020-7053.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4255-2", "url": "https://usn.ubuntu.com/4255-2/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" } ] } diff --git a/2020/7xxx/CVE-2020-7059.json b/2020/7xxx/CVE-2020-7059.json index d69faee854d..8dd9da73820 100644 --- a/2020/7xxx/CVE-2020-7059.json +++ b/2020/7xxx/CVE-2020-7059.json 
@@ -3,16 +3,111 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@php.net", "ID": "CVE-2020-7059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "DATE_PUBLIC": "2020-01-21T15:21:00.000Z", + "STATE": "PUBLIC", + "TITLE": "OOB read in php_strip_tags_ex" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.2.x", + "version_value": "7.2.27" + }, + { + "version_affected": "<", + "version_name": "7.3.x", + "version_value": "7.3.14" + }, + { + "version_affected": "<", + "version_name": "7.4.x", + "version_value": "7.4.2" + } + ] + } + } + ] + }, + "vendor_name": "PHP Group" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reported by wxhusst at gmail dot com" + } + ], "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=79099", + "name": "https://bugs.php.net/bug.php?id=79099" + } + ] + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=79099" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Usage of fgetss() has been DEPRECATED as of PHP 7.3.0. Please use strip_tags() or other means sanitizing HTML code. " + } + ] } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7060.json b/2020/7xxx/CVE-2020-7060.json index d4a162e2587..900b52e8791 100644 --- a/2020/7xxx/CVE-2020-7060.json +++ b/2020/7xxx/CVE-2020-7060.json 
@@ -3,16 +3,105 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2020-01-21T15:21:00.000Z", "ID": "CVE-2020-7060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "global buffer-overflow in mbfl_filt_conv_big5_wchar" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.2.x", + "version_value": "7.2.27" + }, + { + "version_affected": "<", + "version_name": "7.3.x", + "version_value": "7.3.14" + }, + { + "version_affected": "<", + "version_name": "7.4.x", + "version_value": "7.4.2" + } + ] + } + } + ] + }, + "vendor_name": "PHP Group" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reported by reza at iseclab dot org" + } + ], "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=79037", + "name": "https://bugs.php.net/bug.php?id=79037" + } + ] + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=79037" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7108.json b/2020/7xxx/CVE-2020-7108.json index 39dc2dd0818..0feccad5cd7 100644 --- a/2020/7xxx/CVE-2020-7108.json +++ b/2020/7xxx/CVE-2020-7108.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://www.jinsonvarghese.com/reflected-xss-in-learndash-wordpress-plugin/", "url": "https://www.jinsonvarghese.com/reflected-xss-in-learndash-wordpress-plugin/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156275/LearnDash-WordPress-LMS-3.1.2-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/156275/LearnDash-WordPress-LMS-3.1.2-Cross-Site-Scripting.html" } ] } diff --git a/2020/7xxx/CVE-2020-7208.json b/2020/7xxx/CVE-2020-7208.json index b43c3f7d680..1b9fdd23843 100644 --- a/2020/7xxx/CVE-2020-7208.json +++ b/2020/7xxx/CVE-2020-7208.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LinuxKI", + "version": { + "version_data": [ + { + "version_value": "6.0-1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2", + "url": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2." } ] } diff --git a/2020/7xxx/CVE-2020-7209.json b/2020/7xxx/CVE-2020-7209.json index f4ab6412b8a..4d8f7de0194 100644 --- a/2020/7xxx/CVE-2020-7209.json +++ b/2020/7xxx/CVE-2020-7209.json 
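Review bot: `vendor_name` is `"n/a"` in the new `affects` block although the ASSIGNER is security-alert@hpe.com and the only reference sits under github.com/HewlettPackard, so vendor-keyed matching will not find this record; if HPE is the intended vendor, something like `"vendor_name": "Hewlett Packard Enterprise"` would fix that. The `problemtype` value is the free text `"XSS"` rather than a CWE identifier (CWE-79 is the usual one for cross-site scripting), which CWE-based triage cannot group. `"version_value": "6.0-1 and earlier"` packs the range into one string with no `version_affected` operator, unlike the PHP record earlier in this diff. The CVE-2020-7209 hunk repeats all three points; its problemtype `"Remote Code Execution"` names an impact rather than a weakness, and its description reads "an remote code execution".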
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LinuxKI", + "version": { + "version_data": [ + { + "version_value": "6.0-1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2", + "url": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2." } ] } diff --git a/2020/7xxx/CVE-2020-7216.json b/2020/7xxx/CVE-2020-7216.json index 6bee60a9464..88b1b8f8fbd 100644 --- a/2020/7xxx/CVE-2020-7216.json +++ b/2020/7xxx/CVE-2020-7216.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7216", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7216", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00005.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00005.html" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160905", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160905" } ] } diff --git a/2020/7xxx/CVE-2020-7217.json b/2020/7xxx/CVE-2020-7217.json index 04dada48b1a..9e25bb3f3df 100644 --- a/2020/7xxx/CVE-2020-7217.json +++ b/2020/7xxx/CVE-2020-7217.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7217", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7217", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160906", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160906" + }, + { + "refsource": "MISC", + "name": "https://www.suse.com/security/cve/CVE-2020-7217/", + "url": "https://www.suse.com/security/cve/CVE-2020-7217/" + }, + { + "refsource": "MISC", + "name": "https://github.com/openSUSE/wicked/releases", + "url": "https://github.com/openSUSE/wicked/releases" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0207", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00011.html" } ] } diff --git a/2020/7xxx/CVE-2020-7221.json b/2020/7xxx/CVE-2020-7221.json index a7dc9e435e4..8ccc5916a3d 100644 --- a/2020/7xxx/CVE-2020-7221.json 
+++ b/2020/7xxx/CVE-2020-7221.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7221", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7221", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://seclists.org/oss-sec/2020/q1/55", + "url": "https://seclists.org/oss-sec/2020/q1/55" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160868", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160868" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618", + "url": "https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618" } ] } 
diff --git a/2020/7xxx/CVE-2020-7238.json b/2020/7xxx/CVE-2020-7238.json index e099fbad858..43eabac07f1 100644 --- a/2020/7xxx/CVE-2020-7238.json +++ b/2020/7xxx/CVE-2020-7238.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/jdordonezn/CVE-2020-72381/issues/1", "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0497", + "url": "https://access.redhat.com/errata/RHSA-2020:0497" } ] } diff --git a/2020/7xxx/CVE-2020-7240.json b/2020/7xxx/CVE-2020-7240.json index b93df28473c..d2308784344 100644 --- a/2020/7xxx/CVE-2020-7240.json +++ b/2020/7xxx/CVE-2020-7240.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration)." + "value": "** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.'" } ] }, @@ -61,6 +61,11 @@ "url": "https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html", "refsource": "MISC", "name": "https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html" + }, + { + "refsource": "MISC", + "name": "https://wolke.meinberg.de/index.php/s/dKP3PKgFXS6sPRE#pdfviewer", + "url": "https://wolke.meinberg.de/index.php/s/dKP3PKgFXS6sPRE#pdfviewer" } ] } 
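Review bot: The new CVE-2020-7240 description says CWE-78 "is not applicable", but this hunk changes only the description string; if the record's `problemtype` (outside the hunk) still lists CWE-78, the record now contradicts itself and CWE-keyed consumers will keep classifying it as OS command injection. The `** DISPUTED **` marker exists only inside the free-text `value`, so tooling that does not parse descriptions will not see the dispute. The second hunk adds a `wolke.meinberg.de/index.php/s/...#pdfviewer` reference, which looks like a file-share link that could expire; a stable advisory URL would be a more durable source for the vendor's position.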
diff --git a/2020/7xxx/CVE-2020-7241.json b/2020/7xxx/CVE-2020-7241.json index 6dfcebe69c4..54171fdace4 100644 --- a/2020/7xxx/CVE-2020-7241.json +++ b/2020/7xxx/CVE-2020-7241.json @@ -61,6 +61,11 @@ "url": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md", "refsource": "MISC", "name": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md" + }, + { + "refsource": "MISC", + "name": "https://zeroauth.ltd/blog/2020/01/21/analysis-on-cve-2020-7241-misrepresenting-a-security-vulnerability/", + "url": "https://zeroauth.ltd/blog/2020/01/21/analysis-on-cve-2020-7241-misrepresenting-a-security-vulnerability/" } ] } diff --git a/2020/7xxx/CVE-2020-7247.json b/2020/7xxx/CVE-2020-7247.json index 5b1ddaa91b7..0a3353cd7ec 100644 --- a/2020/7xxx/CVE-2020-7247.json +++ b/2020/7xxx/CVE-2020-7247.json @@ -96,6 +96,21 @@ "refsource": "FULLDISC", "name": "20200131 LPE and RCE in OpenSMTPD (CVE-2020-7247)", "url": "http://seclists.org/fulldisclosure/2020/Jan/49" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4268-1", + "url": "https://usn.ubuntu.com/4268-1/" } ] } diff --git a/2020/7xxx/CVE-2020-7251.json b/2020/7xxx/CVE-2020-7251.json index 66934669134..60f80cfa0f4 100644 --- a/2020/7xxx/CVE-2020-7251.json +++ b/2020/7xxx/CVE-2020-7251.json 
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2020-7251", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ESConfig Tool able to edit configuration for newer version" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mcafee Endpoint Security (ENS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.6.x", + "version_value": "10.6.1 February 2020 update" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358 Improperly Implemented Security Check for Standard" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10299", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10299" + } + ] + }, + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2020/7xxx/CVE-2020-7252.json b/2020/7xxx/CVE-2020-7252.json index 5349af8620f..4800e8da27e 100644 --- a/2020/7xxx/CVE-2020-7252.json +++ b/2020/7xxx/CVE-2020-7252.json 
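Review bot: The `problemtype` for CVE-2020-7251 is `CWE-358 Improperly Implemented Security Check for Standard`, while the description calls the flaw an "Improper access control vulnerability"; CWE-284 (Improper Access Control) or a more specific child would agree with the text. The description also reads "McAfee Mcafee Endpoint Security (ENS)" because `product_name` is spelled `"Mcafee Endpoint Security (ENS)"`; `"product_name": "Endpoint Security (ENS)"` would remove the duplicate. The vector carries `C:H/I:L`, yet the stated effect is that local users can disable security features, which says nothing about confidentiality; the metrics may be deliberate but are worth checking against the advisory.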
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2020-7252", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Unquoted service executable path" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Exchange Layer (DXL) Broker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.x", + "version_value": "6.0.0" + }, + { + "version_affected": "<=", + "version_name": "5.0.x", + "version_value": "5.0.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250 Execution with Unnecessary Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10307", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10307" + } + ] + }, + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2020/7xxx/CVE-2020-7471.json b/2020/7xxx/CVE-2020-7471.json index fe1d2d6f5c0..fba68927fe3 100644 --- a/2020/7xxx/CVE-2020-7471.json +++ b/2020/7xxx/CVE-2020-7471.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136", "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136" + }, + { + "refsource": "UBUNTU", + "name": "USN-4264-1", + "url": "https://usn.ubuntu.com/4264-1/" } ] } diff --git a/2020/7xxx/CVE-2020-7595.json b/2020/7xxx/CVE-2020-7595.json index e6f727a946e..1cac719ef9c 100644 --- a/2020/7xxx/CVE-2020-7595.json +++ b/2020/7xxx/CVE-2020-7595.json 
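Review bot: The CVE-2020-7252 TITLE and description both say "Unquoted service executable path", but `problemtype` is `CWE-250 Execution with Unnecessary Privileges`; the weakness that names this pattern is CWE-428 (Unquoted Search Path or Element), and using it would keep the record findable by CWE. The vector `C:N/I:N/A:H` scores availability only, while the description also claims "malicious file execution", which would normally carry integrity or confidentiality impact. `version_data` lists both `<= 6.0.0` and `<= 5.0.2`, but the description mentions only "6.0.0 and earlier", so the 5.0.x branch is visible only to consumers that read the structured fields.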
@@ -56,6 +56,11 @@ "url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", "refsource": "MISC", "name": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-41fe1680f6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/" } ] } diff --git a/2020/7xxx/CVE-2020-7920.json b/2020/7xxx/CVE-2020-7920.json index 0e8643a8a63..fbf2c2597ed 100644 --- a/2020/7xxx/CVE-2020-7920.json +++ b/2020/7xxx/CVE-2020-7920.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7920", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7920", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.percona.com/doc/percona-monitoring-and-management/2.x/release-notes/2.2.1.html", + "refsource": "MISC", + "name": "https://www.percona.com/doc/percona-monitoring-and-management/2.x/release-notes/2.2.1.html" + }, + { + "url": "https://jira.percona.com/browse/PMM-5233", + "refsource": "MISC", + "name": "https://jira.percona.com/browse/PMM-5233" + }, + { + "url": "https://jira.percona.com/browse/PMM-5232", + "refsource": "MISC", + "name": "https://jira.percona.com/browse/PMM-5232" + }, + { + "refsource": "MISC", + "name": "https://www.percona.com/blog/2020/02/03/improvements-in-pmm-bug-fixes-in-percona-server-percona-backup-for-mongodb-alert-release-roundup-2-3-2020/", + "url": 
"https://www.percona.com/blog/2020/02/03/improvements-in-pmm-bug-fixes-in-percona-server-percona-backup-for-mongodb-alert-release-roundup-2-3-2020/" } ] } diff --git a/2020/7xxx/CVE-2020-7953.json b/2020/7xxx/CVE-2020-7953.json index 7112ad9dd53..18b2a957724 100644 --- a/2020/7xxx/CVE-2020-7953.json +++ b/2020/7xxx/CVE-2020-7953.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7953", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7953", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@ph0rensic", + "refsource": "MISC", + "name": "https://medium.com/@ph0rensic" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5", + "url": "https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5" } ] } diff --git a/2020/7xxx/CVE-2020-7954.json b/2020/7xxx/CVE-2020-7954.json index c0acbb64121..0d189fb6393 100644 
--- a/2020/7xxx/CVE-2020-7954.json +++ b/2020/7xxx/CVE-2020-7954.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7954", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7954", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@ph0rensic", + "refsource": "MISC", + "name": "https://medium.com/@ph0rensic" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5", + "url": "https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5" } ] } diff --git a/2020/7xxx/CVE-2020-7957.json b/2020/7xxx/CVE-2020-7957.json index 1a405df7970..d9d38dd77ba 100644 --- a/2020/7xxx/CVE-2020-7957.json +++ b/2020/7xxx/CVE-2020-7957.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7957", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7957", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://dovecot.org/security", + "refsource": "MISC", + "name": "https://dovecot.org/security" + }, + { + "refsource": "CONFIRM", + "name": "http://www.openwall.com/lists/oss-security/2020/02/12/2", + "url": "http://www.openwall.com/lists/oss-security/2020/02/12/2" + }, + { + "refsource": "CONFIRM", + "name": "https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html", + "url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7966.json b/2020/7xxx/CVE-2020-7966.json index 1fcec07d40b..ff68608b0d5 100644 --- a/2020/7xxx/CVE-2020-7966.json +++ b/2020/7xxx/CVE-2020-7966.json 
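Review bot: The `impact.cvss` object added for CVE-2020-7957 has no `baseScore` or `baseSeverity`, unlike the other cvss blocks in this commit, so consumers that sort or filter on the score get nothing for this record. Its `vectorString` is also written in alphabetical rather than canonical metric order; `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"` is the form stricter parsers expect. Those metrics should work out to a base score of 3.1 (LOW), but that is worth confirming with a calculator rather than entering by hand. The affected product and range (Dovecot 2.3.9 before 2.3.9.3) appear only in the description, because `affects` is filled with `n/a`.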
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7966", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7966", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7967.json b/2020/7xxx/CVE-2020-7967.json index c347aa6a9a2..80e69994872 100644 --- a/2020/7xxx/CVE-2020-7967.json +++ b/2020/7xxx/CVE-2020-7967.json 
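Review bot: The CVE-2020-7966 description gives the affected range as "through 12.7.2", while the only CONFIRM reference is the 12.7.4 security release, so the record does not say which release carries the fix or whether 12.7.3 is affected; a clause such as "fixed in <release>" in the description would settle it. The range exists only in free text because `affects` is `n/a` throughout. The first reference, `https://about.gitlab.com/blog/categories/releases/`, is a general category page and not evidence for this specific issue. The same pattern repeats in the CVE-2020-7967, 7968, 7969, 7971 and 7972 hunks, and 7972 names only "GitLab EE 12.2" with no upper bound.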
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7967", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7967", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7968.json b/2020/7xxx/CVE-2020-7968.json index cd53def4693..a4d4ca5e55a 100644 --- a/2020/7xxx/CVE-2020-7968.json +++ b/2020/7xxx/CVE-2020-7968.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7968", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7968", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 8.0 through 12.7.2 has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7969.json b/2020/7xxx/CVE-2020-7969.json index 7d0dcb61853..0b344457039 100644 --- a/2020/7xxx/CVE-2020-7969.json +++ b/2020/7xxx/CVE-2020-7969.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7969", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7969", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7971.json b/2020/7xxx/CVE-2020-7971.json index ef43611e8b9..966db86ef82 100644 --- a/2020/7xxx/CVE-2020-7971.json +++ b/2020/7xxx/CVE-2020-7971.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7971", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7971", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 11.0 and later through 12.7.2 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7972.json b/2020/7xxx/CVE-2020-7972.json index d135619f247..d2f0d404b36 100644 --- a/2020/7xxx/CVE-2020-7972.json +++ b/2020/7xxx/CVE-2020-7972.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7972", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7972", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 12.2 has Insecure Permissions (issue 2 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7973.json b/2020/7xxx/CVE-2020-7973.json index ab133e86132..a217003a5c0 100644 --- a/2020/7xxx/CVE-2020-7973.json +++ b/2020/7xxx/CVE-2020-7973.json 
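Review bot: The description `GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).` points at a sibling issue without saying which CVE ID holds issue 1 of 2, so the record cannot be read on its own. It also gives a single version, where the neighbouring records from the same security release give a range ending at 12.7.2; if releases between 12.2 and the fix are affected, the range should be stated. Naming the affected feature or cross-referencing the paired CVE ID would let a reader tell the two records apart.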
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7973", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7973", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab through 12.7.2 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "url": "https://gitlab.com/gitlab-org/security/gitlab/issues/14", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/security/gitlab/issues/14" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7974.json b/2020/7xxx/CVE-2020-7974.json index 0ce7d08bcee..a0da6769c00 100644 --- a/2020/7xxx/CVE-2020-7974.json +++ b/2020/7xxx/CVE-2020-7974.json 
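Review bot: The added reference `https://gitlab.com/gitlab-org/security/gitlab/issues/14` appears to point into GitLab's security mirror namespace, which may not be readable without authentication; a reference that only resolves for project members gives public readers nothing to verify against. Please confirm it opens anonymously, and otherwise replace it with the public issue or rely on the CONFIRM release post. Separately, the description "GitLab through 12.7.2 allows XSS." names no component or input, which makes it hard to distinguish from CVE-2020-7971 in the same commit.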
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7974", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7974", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 10.1 through 12.7.2 allows Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7976.json b/2020/7xxx/CVE-2020-7976.json index a2e74f981cb..13054705b2e 100644 --- a/2020/7xxx/CVE-2020-7976.json +++ b/2020/7xxx/CVE-2020-7976.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7976", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7976", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7977.json b/2020/7xxx/CVE-2020-7977.json index 8b278845071..fc7a0cc0392 100644 --- a/2020/7xxx/CVE-2020-7977.json +++ b/2020/7xxx/CVE-2020-7977.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7977", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7977", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7978.json b/2020/7xxx/CVE-2020-7978.json index 254b8bc4f7c..8c6edcf51ec 100644 --- a/2020/7xxx/CVE-2020-7978.json +++ b/2020/7xxx/CVE-2020-7978.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7978", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7978", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 12.6 and later through 12.7.2 allows Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/7xxx/CVE-2020-7979.json b/2020/7xxx/CVE-2020-7979.json index bf229470ac5..367179c5ee9 100644 --- a/2020/7xxx/CVE-2020-7979.json +++ b/2020/7xxx/CVE-2020-7979.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7979", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7979", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 8.9 and later through 12.7.2 has Insecure Permission" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/8xxx/CVE-2020-8089.json b/2020/8xxx/CVE-2020-8089.json index 5c61d0bad93..42eae19bec3 100644 --- a/2020/8xxx/CVE-2020-8089.json +++ b/2020/8xxx/CVE-2020-8089.json 
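Review bot: The description value `GitLab EE 8.9 and later through 12.7.2 has Insecure Permission` is byte-identical to the one added for CVE-2020-8114 later in this commit, so the two IDs cannot be told apart from their text. Each record should name the feature or permission it concerns; as written, deduplication or triage by description will treat them as one finding. The sentence is also missing its final period and uses "Permission" where sibling records use "Insecure Permissions.", which suggests the text was truncated.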
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8089", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8089", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://piwigo.org/forum/viewforum.php?id=23", + "refsource": "MISC", + "name": "https://piwigo.org/forum/viewforum.php?id=23" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Piwigo/Piwigo/issues/1150", + "url": "https://github.com/Piwigo/Piwigo/issues/1150" } ] } diff --git a/2020/8xxx/CVE-2020-8095.json b/2020/8xxx/CVE-2020-8095.json index c7f0ab9ca7f..4da77396b7e 100644 --- a/2020/8xxx/CVE-2020-8095.json +++ b/2020/8xxx/CVE-2020-8095.json 
@@ -84,6 +84,11 @@ "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021", "name": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-198/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-198/" } ] }, diff --git a/2020/8xxx/CVE-2020-8114.json b/2020/8xxx/CVE-2020-8114.json index ecd3e6e2ff7..42350f32876 100644 --- a/2020/8xxx/CVE-2020-8114.json +++ b/2020/8xxx/CVE-2020-8114.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8114", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8114", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 8.9 and later through 12.7.2 has Insecure Permission" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/categories/releases/" + }, + { + "url": "https://gitlab.com/gitlab-org/gitlab/issues/37468", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/issues/37468" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" } ] } diff --git a/2020/8xxx/CVE-2020-8115.json b/2020/8xxx/CVE-2020-8115.json index 7ad1f446cbd..31cdbbe0e17 100644 --- a/2020/8xxx/CVE-2020-8115.json +++ b/2020/8xxx/CVE-2020-8115.json 
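Review bot: The first reference added here, `https://about.gitlab.com/releases/categories/releases/`, differs from the `https://about.gitlab.com/blog/categories/releases/` URL used by every other GitLab record in this commit, which looks like a path slip. Please check that it resolves and, if not, use the same URL as the sibling records. Both forms are a generic category listing rather than an advisory, so the CONFIRM entry and the issue link are the references a reader will actually need.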
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/revive-adserver/revive-adserver", + "version": { + "version_data": [ + { + "version_value": "Fixed version v5.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/775693", + "url": "https://hackerone.com/reports/775693" + }, + { + "refsource": "MISC", + "name": "https://www.revive-adserver.com/security/revive-sa-2020-001/", + "url": "https://www.revive-adserver.com/security/revive-sa-2020-001/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim." } ] } 
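Review bot: The `version_value` under `affects` is set to `"Fixed version v5.0.4"`, which places the fixed release, wrapped in prose, into the field that consumers read as the affected version; the description on the same record says the affected range is "<= 5.0.3". A tool that parses this field will either fail to parse it or flag 5.0.4 as vulnerable. A value that carries the affected range would be correct, e.g. `"version_value": "5.0.3 and earlier"`, and `product_name` should be the product name rather than the repository URL. The same pattern occurs in CVE-2020-8116 (`Fixed version: 5.1.1`), CVE-2020-8124 (`Fixed Version 1.4.5`) and CVE-2020-8125 (`Fixed Version: v1.1.1`), and CVE-2020-8123 lists `v3.0.0-beta.18.4` while its description says beta.18.3 and earlier.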
diff --git a/2020/8xxx/CVE-2020-8116.json b/2020/8xxx/CVE-2020-8116.json index de688feb8f4..203cb486a7f 100644 --- a/2020/8xxx/CVE-2020-8116.json +++ b/2020/8xxx/CVE-2020-8116.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "dot-prop", + "version": { + "version_data": [ + { + "version_value": "Fixed version: 5.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/719856", + "url": "https://hackerone.com/reports/719856" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects." } ] } diff --git a/2020/8xxx/CVE-2020-8117.json b/2020/8xxx/CVE-2020-8117.json index 1a9a63d5ac0..56459ca0a32 100644 --- a/2020/8xxx/CVE-2020-8117.json +++ b/2020/8xxx/CVE-2020-8117.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "14.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/439828", + "url": "https://hackerone.com/reports/439828" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-013", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-013" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event." } ] } diff --git a/2020/8xxx/CVE-2020-8118.json b/2020/8xxx/CVE-2020-8118.json index fc4b5ff2077..cb0a134e21d 100644 --- a/2020/8xxx/CVE-2020-8118.json +++ b/2020/8xxx/CVE-2020-8118.json 
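Review bot: The structured `version_value` here is `14.0.4`, but the description added in the same hunk says the flaw is in "Nextcloud Server 14.0.3". One of the two is presumably the fixed release rather than the affected one, and the record does not say which. Please make the two agree and state whether earlier releases are affected, since version matching against this field decides whether an installation is reported as vulnerable. CVE-2020-8122 has the same 14.0.4 versus 14.0.3 mismatch.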
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "16.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF) (CWE-918)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/427835", + "url": "https://hackerone.com/reports/427835" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-014", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-014" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0220", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application." } ] } diff --git a/2020/8xxx/CVE-2020-8119.json b/2020/8xxx/CVE-2020-8119.json index 6d5404216f0..e224e759d38 100644 --- a/2020/8xxx/CVE-2020-8119.json +++ b/2020/8xxx/CVE-2020-8119.json 
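Review bot: The SUSE reference is added with a plain-HTTP URL, `http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html`, while every other reference in the record uses HTTPS. A security announcement fetched over an unauthenticated channel can be altered in transit, so the link should use the `https://` scheme if the host serves it (worth confirming before changing). The same URL is added to CVE-2020-8119.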
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "17.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/719426", + "url": "https://hackerone.com/reports/719426" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-012", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-012" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0220", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app." } ] } diff --git a/2020/8xxx/CVE-2020-8120.json b/2020/8xxx/CVE-2020-8120.json index 6db3b1906b2..8b53962bad0 100644 --- a/2020/8xxx/CVE-2020-8120.json +++ b/2020/8xxx/CVE-2020-8120.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "16.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/605915", + "url": "https://hackerone.com/reports/605915" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-004", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation." } ] } diff --git a/2020/8xxx/CVE-2020-8121.json b/2020/8xxx/CVE-2020-8121.json index 66b18052a5c..77f1c352255 100644 --- a/2020/8xxx/CVE-2020-8121.json +++ b/2020/8xxx/CVE-2020-8121.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "14.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/452854", + "url": "https://hackerone.com/reports/452854" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-003", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-003" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer." } ] } diff --git a/2020/8xxx/CVE-2020-8122.json b/2020/8xxx/CVE-2020-8122.json index 203800f779a..49c969dc875 100644 --- a/2020/8xxx/CVE-2020-8122.json +++ b/2020/8xxx/CVE-2020-8122.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nextcloud server", + "version": { + "version_data": [ + { + "version_value": "14.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/447494", + "url": "https://hackerone.com/reports/447494" + }, + { + "refsource": "MISC", + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-002", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-002" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received." } ] } diff --git a/2020/8xxx/CVE-2020-8123.json b/2020/8xxx/CVE-2020-8123.json index 1d9acaccfc0..4475ecee453 100644 --- a/2020/8xxx/CVE-2020-8123.json +++ b/2020/8xxx/CVE-2020-8123.json 
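Review bot: `product_name` is written `"Nextcloud server"` in this record, while the other Nextcloud records in the commit (CVE-2020-8117 to -8121) use `"Nextcloud Server"`. Consumers that key on the exact product string will treat these as two different products and may miss this CVE when querying for the other spelling. Use `"product_name": "Nextcloud Server"` to match the siblings.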
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Strapi", + "version": { + "version_data": [ + { + "version_value": "v3.0.0-beta.18.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/768574", + "url": "https://hackerone.com/reports/768574" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application." } ] } diff --git a/2020/8xxx/CVE-2020-8124.json b/2020/8xxx/CVE-2020-8124.json index 61fb13b9ce5..1e16345b257 100644 --- a/2020/8xxx/CVE-2020-8124.json +++ b/2020/8xxx/CVE-2020-8124.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "url-parse", + "version": { + "version_data": [ + { + "version_value": "Fixed Version 1.4.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/496293", + "url": "https://hackerone.com/reports/496293" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks." } ] } diff --git a/2020/8xxx/CVE-2020-8125.json b/2020/8xxx/CVE-2020-8125.json index cc0fdeb7b7e..7189e027b38 100644 --- a/2020/8xxx/CVE-2020-8125.json +++ b/2020/8xxx/CVE-2020-8125.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "klona npm module", + "version": { + "version_data": [ + { + "version_value": "Fixed Version: v1.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/778414", + "url": "https://hackerone.com/reports/778414" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona." } ] } diff --git a/2020/8xxx/CVE-2020-8126.json b/2020/8xxx/CVE-2020-8126.json index 3383761fe86..020d733944f 100644 --- a/2020/8xxx/CVE-2020-8126.json +++ b/2020/8xxx/CVE-2020-8126.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EdgeSwitch", + "version": { + "version_data": [ + { + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/197958", + "url": "https://hackerone.com/reports/197958" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15)." } ] } diff --git a/2020/8xxx/CVE-2020-8128.json b/2020/8xxx/CVE-2020-8128.json index d9a4d45139b..30ae39ef01c 100644 --- a/2020/8xxx/CVE-2020-8128.json +++ b/2020/8xxx/CVE-2020-8128.json 
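Review bot: The `problemtype` value is `Privilege Escalation (CAPEC-233)`, an attack-pattern ID, where the neighbouring records in this batch give a CWE weakness ID, so consumers that key on CWE will find nothing to map. The description attributes the issue to a CGI script that does not sanitize user input and ends in local command execution, which reads like a command-injection weakness; `"value": "OS Command Injection (CWE-78)"` may fit better if the underlying report supports it. The description sentence is also hard to parse ("an CGI script don't fully sanitize", "became administrator"); a rewrite such as `A CGI script in EdgeSwitch before 1.7.1 does not fully sanitize user input, allowing an operator user (Privilege-1) to execute local commands and become administrator (Privilege-15).` keeps the same facts.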
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "jsreport", + "version": { + "version_data": [ + { + "version_value": "Fixed version: 2.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inclusion of Functionality from Untrusted Control Sphere (CWE-829)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/660565", + "url": "https://hackerone.com/reports/660565" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code." } ] } diff --git a/2020/8xxx/CVE-2020-8129.json b/2020/8xxx/CVE-2020-8129.json index 9c3a00fdae1..241486b28bf 100644 --- a/2020/8xxx/CVE-2020-8129.json +++ b/2020/8xxx/CVE-2020-8129.json 
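Review bot: `version_value` gives the fix as 2.6.1 but the description says "2.5.0 and earlier", which leaves the status of any release between 2.5.0 and 2.6.1 undefined. Since the stated impact is arbitrary code execution, an operator on an in-between release cannot tell from this record whether an upgrade is needed. The description also names two issues (an unintended require and server-side request forgery) while `problemtype` lists only CWE-829; if SSRF is part of the finding, a second entry such as `"value": "Server-Side Request Forgery (SSRF) (CWE-918)"` would make it searchable.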
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "script-manager", + "version": { + "version_data": [ + { + "version_value": "Fixed version: 0.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection (CWE-94)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/660563", + "url": "https://hackerone.com/reports/660563" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code." } ] } diff --git a/2020/8xxx/CVE-2020-8427.json b/2020/8xxx/CVE-2020-8427.json index 3ee8098fb8a..992a64c8078 100644 --- a/2020/8xxx/CVE-2020-8427.json +++ b/2020/8xxx/CVE-2020-8427.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://helpdesk.kaseya.com/hc/en-gb/articles/360005409538-Traverse-9-5-20-13-February-2020", + "url": "https://helpdesk.kaseya.com/hc/en-gb/articles/360005409538-Traverse-9-5-20-13-February-2020" } ] } diff --git a/2020/8xxx/CVE-2020-8429.json b/2020/8xxx/CVE-2020-8429.json index bd146386863..5faeb8b39c2 100644 --- a/2020/8xxx/CVE-2020-8429.json +++ b/2020/8xxx/CVE-2020-8429.json 
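Review bot: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `n/a`, although the description identifies Kaseya Traverse before 9.5.20 and an OS command injection, so everything a matcher needs exists only in prose. The same holds for the other records published in this form in the commit (CVE-2020-8429, -8449, -8450, -8506, -8507, -8517, -8518, -8594, -8595, -8596). Filling the fields from the description, e.g. `"vendor_name": "Kaseya"`, `"product_name": "Traverse"` and `"version_value": "before 9.5.20"`, would let consumers use the record without text parsing. Separately, moving `data_format`/`data_type`/`data_version` below `affects` changes nothing semantically and only adds diff noise.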
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8429", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8429", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.kinetica.com/hc/en-us/categories/360001223653-Release-Notes", + "refsource": "MISC", + "name": "https://support.kinetica.com/hc/en-us/categories/360001223653-Release-Notes" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-command-injection/?research=Technical+advisories", + "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-command-injection/?research=Technical+advisories" } ] } 
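Review bot: Neither added reference points at a specific document: the Kinetica URL is the release-notes category index and the NCC Group URL is an advisory listing selected by a query string, so both can change content without the record changing. The description names only build 7.0.9.2.20191118151947 and no fixed release, which leaves a reader with an authenticated remote-code-execution finding and no remediation target. I would replace these with the permalink of the individual advisory and of the release note carrying the fix (neither is on this page), and add a "fixed in" clause once that version is confirmed. The CVE-2020-8595 hunk has a milder form of the same issue, listing `https://github.com/istio/istio/commits/master` and the `https://istio.io/news/security/` index next to the specific advisory.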
diff --git a/2020/8xxx/CVE-2020-8449.json b/2020/8xxx/CVE-2020-8449.json index 17ce4508f2d..68938635c13 100644 --- a/2020/8xxx/CVE-2020-8449.json +++ b/2020/8xxx/CVE-2020-8449.json 
@@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8449", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8449", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" } ] } diff --git a/2020/8xxx/CVE-2020-8450.json b/2020/8xxx/CVE-2020-8450.json index 7a810a2d804..cbf8a12e605 100644 --- a/2020/8xxx/CVE-2020-8450.json +++ b/2020/8xxx/CVE-2020-8450.json 
@@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8450", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8450", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" } ] } diff --git a/2020/8xxx/CVE-2020-8493.json b/2020/8xxx/CVE-2020-8493.json index 590aa5e6aa4..d6fd86faa1e 100644 --- a/2020/8xxx/CVE-2020-8493.json +++ b/2020/8xxx/CVE-2020-8493.json 
@@ -61,6 +61,11 @@ "url": "https://www.kronos.com/products/kronos-webta", "refsource": "MISC", "name": "https://www.kronos.com/products/kronos-webta" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html" } ] }, diff --git a/2020/8xxx/CVE-2020-8495.json b/2020/8xxx/CVE-2020-8495.json index 0a45c8d6af3..7f680ca254c 100644 --- a/2020/8xxx/CVE-2020-8495.json +++ b/2020/8xxx/CVE-2020-8495.json @@ -61,6 +61,11 @@ "url": "http://www.nolanbkennedy.com/post/privilege-escalation-in-kronos-web-time-and-attendance-webta", "refsource": "MISC", "name": "http://www.nolanbkennedy.com/post/privilege-escalation-in-kronos-web-time-and-attendance-webta" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html" } ] }, diff --git a/2020/8xxx/CVE-2020-8506.json b/2020/8xxx/CVE-2020-8506.json index 4933830d65b..2fb18382da0 100644 --- a/2020/8xxx/CVE-2020-8506.json +++ b/2020/8xxx/CVE-2020-8506.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8506", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8506", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.info-sec.ca/advisories.html", + "refsource": "MISC", + "name": "https://www.info-sec.ca/advisories.html" + }, + { + "refsource": "MISC", + "name": "https://www.info-sec.ca/advisories/Global-TV.html", + "url": "https://www.info-sec.ca/advisories/Global-TV.html" } ] } diff --git a/2020/8xxx/CVE-2020-8507.json b/2020/8xxx/CVE-2020-8507.json index c925ab2b6ab..81459d6de7e 100644 --- a/2020/8xxx/CVE-2020-8507.json +++ b/2020/8xxx/CVE-2020-8507.json 
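Review bot: The description says only that the application "sends Unencrypted Analytics"; it does not say what the analytics payload contains or over which channel it travels, and that is what a reader needs to judge the exposure. One clause taken from the linked advisory (`https://www.info-sec.ca/advisories/Global-TV.html`) naming the data and the transport would close the gap, and the mid-sentence capitals can go, e.g. `... sends analytics data unencrypted.` The CVE-2020-8507 hunk uses the same wording for the Citytv Video application.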
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8507", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8507", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.info-sec.ca/advisories.html", + "refsource": "MISC", + "name": "https://www.info-sec.ca/advisories.html" + }, + { + "refsource": "MISC", + "name": "https://www.info-sec.ca/advisories/Citytv-Video.html", + "url": "https://www.info-sec.ca/advisories/Citytv-Video.html" } ] } diff --git a/2020/8xxx/CVE-2020-8515.json b/2020/8xxx/CVE-2020-8515.json index 118b29baeec..34c09a6c2eb 100644 --- a/2020/8xxx/CVE-2020-8515.json +++ b/2020/8xxx/CVE-2020-8515.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI." + "value": "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1." } ] }, @@ -56,6 +56,11 @@ "url": "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", "refsource": "MISC", "name": "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html" + }, + { + "refsource": "MISC", + "name": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/", + "url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/" } ] } diff --git a/2020/8xxx/CVE-2020-8516.json b/2020/8xxx/CVE-2020-8516.json index 810971a97e4..2841470e9a6 100644 --- a/2020/8xxx/CVE-2020-8516.json +++ b/2020/8xxx/CVE-2020-8516.json 
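Review bot: The new sentence in the description hunk gives a fixed release (v1.5.1), but the affected list still enumerates only five `_Beta` builds, so the record does not say whether other firmware below 1.5.1 is vulnerable. For an unauthenticated root command execution on an edge router that ambiguity matters for triage. If the vendor advisory added in the second hunk supports it, I would state the range directly, e.g. `DrayTek Vigor2960, Vigor3900 and Vigor300B devices with firmware before 1.5.1 allow ...`. The `affects` block lies outside both hunks, so whether it was updated to match cannot be checked here.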
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information." + "value": "** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability." } ] }, @@ -56,6 +56,26 @@ "url": "https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html", "refsource": "MISC", "name": "https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html" + }, + { + "refsource": "MISC", + "name": "https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html", + "url": "https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html" + }, + { + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2020-8516", + "url": "https://security-tracker.debian.org/tracker/CVE-2020-8516" + }, + { + "refsource": "MISC", + "name": "https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html", + "url": "https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html" + }, + { + "refsource": "MISC", + "name": "https://trac.torproject.org/projects/tor/ticket/33129", + "url": "https://trac.torproject.org/projects/tor/ticket/33129" } ] } diff --git a/2020/8xxx/CVE-2020-8517.json b/2020/8xxx/CVE-2020-8517.json index 63141ae5d53..4ba6da7a45d 100644 --- a/2020/8xxx/CVE-2020-8517.json +++ b/2020/8xxx/CVE-2020-8517.json 
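Review bot: The two `lists.torproject.org/pipermail/tor-dev/...` references in the second hunk are tagged `"refsource": "MISC"` with the bare URL as `name`, whereas the mailing-list reference added for CVE-2020-8597 in this same commit uses `MLIST` with a `[list] date subject` style name. Tagging these as `"refsource": "MLIST"` with a name in that form would keep the project's side of the dispute easy to find, which matters because the description hunk now marks the entry DISPUTED, presumably on the strength of those posts. The subject lines are not on this page, so they would need to be taken from the list archive.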
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8517", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8517", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch" } ] } diff --git a/2020/8xxx/CVE-2020-8518.json b/2020/8xxx/CVE-2020-8518.json index 3856547d5ae..da1f5de48bc 100644 
--- a/2020/8xxx/CVE-2020-8518.json +++ b/2020/8xxx/CVE-2020-8518.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8518", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8518", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FEDORA", + "name": "FEDORA-2020-0248ad925e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-1e7cc91d55", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKTNYDBDVJNMVC7QPXQI7CMPLX3USZ2T/" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.horde.org/archives/announce/2020/001285.html", + "url": "https://lists.horde.org/archives/announce/2020/001285.html" } ] } diff --git a/2020/8xxx/CVE-2020-8594.json b/2020/8xxx/CVE-2020-8594.json index 344151422ac..08df063d72e 100644 --- a/2020/8xxx/CVE-2020-8594.json 
+++ b/2020/8xxx/CVE-2020-8594.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8594", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8594", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wordpress.org/plugins/ninja-forms/#developers", + "url": "https://wordpress.org/plugins/ninja-forms/#developers" + }, + { + "refsource": "MISC", + "name": "https://spider-security.co.uk/blog-cve-cve-2020-8594", + "url": "https://spider-security.co.uk/blog-cve-cve-2020-8594" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10070", + "url": "https://wpvulndb.com/vulnerabilities/10070" } ] } diff --git a/2020/8xxx/CVE-2020-8595.json b/2020/8xxx/CVE-2020-8595.json index 8a2a19bef07..f1c27190f6f 100644 --- a/2020/8xxx/CVE-2020-8595.json +++ b/2020/8xxx/CVE-2020-8595.json 
@@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8595", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8595", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Istio 1.3 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/istio/istio/commits/master", + "refsource": "MISC", + "name": "https://github.com/istio/istio/commits/master" + }, + { + "url": "https://istio.io/news/security/", + "refsource": "MISC", + "name": "https://istio.io/news/security/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0477", + "url": "https://access.redhat.com/errata/RHSA-2020:0477" + }, + { + "refsource": "CONFIRM", + "name": "https://access.redhat.com/security/cve/cve-2020-8595", + "url": "https://access.redhat.com/security/cve/cve-2020-8595" + }, + { + "refsource": "CONFIRM", + "name": "https://istio.io/news/security/istio-security-2020-001/", + "url": "https://istio.io/news/security/istio-security-2020-001/" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595" } ] } diff --git a/2020/8xxx/CVE-2020-8596.json b/2020/8xxx/CVE-2020-8596.json index 975711bd6a4..8d33b5edad4 100644 --- a/2020/8xxx/CVE-2020-8596.json +++ b/2020/8xxx/CVE-2020-8596.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8596",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8596",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.impenetrable.tech/cve-2020-8596",
+ "url": "https://blog.impenetrable.tech/cve-2020-8596"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10068",
+ "url": "https://wpvulndb.com/vulnerabilities/10068"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8597.json b/2020/8xxx/CVE-2020-8597.json
index 004a7326ada..608654ec000 100644
--- a/2020/8xxx/CVE-2020-8597.json
+++ b/2020/8xxx/CVE-2020-8597.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426",
 "refsource": "MISC",
 "name": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200209 [SECURITY] [DLA 2097-1] ppp security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8598.json b/2020/8xxx/CVE-2020-8598.json
new file mode 100644
index 00000000000..d636148446a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8598.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8598",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8599.json b/2020/8xxx/CVE-2020-8599.json
new file mode 100644
index 00000000000..cda20e79db5
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8599.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8599",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8600.json b/2020/8xxx/CVE-2020-8600.json
new file mode 100644
index 00000000000..93e0e97c2b2
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8600.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8600",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8601.json b/2020/8xxx/CVE-2020-8601.json
new file mode 100644
index 00000000000..e94db45e96e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8601.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8601",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8602.json b/2020/8xxx/CVE-2020-8602.json
new file mode 100644
index 00000000000..6026407ef24
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8602.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8602",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8603.json b/2020/8xxx/CVE-2020-8603.json
new file mode 100644
index 00000000000..8f1662dda2f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8603.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8603",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8604.json b/2020/8xxx/CVE-2020-8604.json
new file mode 100644
index 00000000000..fb82ef31e52
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8604.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8604",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8605.json b/2020/8xxx/CVE-2020-8605.json
new file mode 100644
index 00000000000..7dd6848e35e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8605.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8605",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8606.json b/2020/8xxx/CVE-2020-8606.json
new file mode 100644
index 00000000000..1c7dab6f8dc
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8606.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8606",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8607.json b/2020/8xxx/CVE-2020-8607.json
new file mode 100644
index 00000000000..89eba67ec1d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8607.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8607",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8608.json b/2020/8xxx/CVE-2020-8608.json
new file mode 100644
index 00000000000..4ec63c3006f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8608.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8608",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2020/02/06/2",
+ "url": "https://www.openwall.com/lists/oss-security/2020/02/06/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0",
+ "url": "https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8609.json b/2020/8xxx/CVE-2020-8609.json
new file mode 100644
index 00000000000..899651c3d1a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8609.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8609",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8610.json b/2020/8xxx/CVE-2020-8610.json
new file mode 100644
index 00000000000..34344a092bb
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8610.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8610",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8611.json b/2020/8xxx/CVE-2020-8611.json
new file mode 100644
index 00000000000..a03160757eb
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8611.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8611",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm",
+ "url": "https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020",
+ "url": "https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm",
+ "url": "https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://status.moveitcloud.com/",
+ "url": "https://status.moveitcloud.com/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8612.json b/2020/8xxx/CVE-2020-8612.json
new file mode 100644
index 00000000000..5fb8e949325
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8612.json
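Review bot: In the `reference_data` added for CVE-2020-8611, `https://status.moveitcloud.com/` is tagged `"refsource": "CONFIRM"`, but a service status page reflects current state and, as far as can be judged from the URL, will not keep confirming this issue over time. The two release-notes links already provide vendor confirmation, so `"refsource": "MISC"` or a permanent advisory link would be more accurate for this entry. The CVE-2020-8612 record in the next file carries the same entry.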
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8612",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm",
+ "url": "https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020",
+ "url": "https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm",
+ "url": "https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://status.moveitcloud.com/",
+ "url": "https://status.moveitcloud.com/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8613.json b/2020/8xxx/CVE-2020-8613.json
new file mode 100644
index 00000000000..6a107fb389a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8613.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8613",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8614.json b/2020/8xxx/CVE-2020-8614.json
new file mode 100644
index 00000000000..8244f0b5deb
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8614.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8614",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://improsec.com/tech-blog/RCE-Askey",
+ "refsource": "MISC",
+ "name": "https://improsec.com/tech-blog/RCE-Askey"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8615.json b/2020/8xxx/CVE-2020-8615.json
new file mode 100644
index 00000000000..09fe5ed1240
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8615.json
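Review bot: The `value` added in the CVE-2020-8614 description reads `specially crafted network packer`, which looks like a typo for `packet`; this text is what downstream feeds index and display, so it is worth correcting in the record. The description does name the exposed service and port (`bd_svr` on TCP port 54188), which lets defenders check whether that port is reachable on affected devices, but the `affects` block is still `"n/a"` rather than naming the Askey AP4000W TDC_V1.01.003 firmware given in the text.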
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8615",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/10058",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10058"
+ },
+ {
+ "url": "https://www.themeum.com/tutor-lms-updated-v1-5-3/",
+ "refsource": "MISC",
+ "name": "https://www.themeum.com/tutor-lms-updated-v1-5-3/"
+ },
+ {
+ "url": "https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/",
+ "refsource": "MISC",
+ "name": "https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/"
+ },
+ {
+ "url": "https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/",
+ "refsource": "MISC",
+ "name": "https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8616.json b/2020/8xxx/CVE-2020-8616.json
new file mode 100644
index 00000000000..abc48f6b20f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8616.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8616",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8617.json b/2020/8xxx/CVE-2020-8617.json
new file mode 100644
index 00000000000..2ac3c18b274
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8617.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8617",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8618.json b/2020/8xxx/CVE-2020-8618.json
new file mode 100644
index 00000000000..9e56d2630cf
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8618.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8618",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8619.json b/2020/8xxx/CVE-2020-8619.json
new file mode 100644
index 00000000000..7158354b243
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8619.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8619",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8620.json b/2020/8xxx/CVE-2020-8620.json
new file mode 100644
index 00000000000..bb0b0e4c1be
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8620.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8620",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8621.json b/2020/8xxx/CVE-2020-8621.json
new file mode 100644
index 00000000000..6734c80b3c8
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8621.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8621",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8622.json b/2020/8xxx/CVE-2020-8622.json
new file mode 100644
index 00000000000..11a7d8fe4b3
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8622.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8622",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8623.json b/2020/8xxx/CVE-2020-8623.json
new file mode 100644
index 00000000000..80a82182371
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8623.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8623",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8624.json b/2020/8xxx/CVE-2020-8624.json
new file mode 100644
index 00000000000..67b48feda16
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8624.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8624",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8625.json b/2020/8xxx/CVE-2020-8625.json
new file mode 100644
index 00000000000..b030a9f207c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8625.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8625",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8626.json b/2020/8xxx/CVE-2020-8626.json
new file mode 100644
index 00000000000..247c61dc42a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8626.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8626",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8627.json b/2020/8xxx/CVE-2020-8627.json
new file mode 100644
index 00000000000..85b484cc15d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8627.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8627",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8628.json b/2020/8xxx/CVE-2020-8628.json
new file mode 100644
index 00000000000..89d6d1a8204
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8628.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8628",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8629.json b/2020/8xxx/CVE-2020-8629.json
new file mode 100644
index 00000000000..90ed56f06a6
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8629.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8629",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8630.json b/2020/8xxx/CVE-2020-8630.json
new file mode 100644
index 00000000000..022f9e5602d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8630.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8630",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8631.json b/2020/8xxx/CVE-2020-8631.json
new file mode 100644
index 00000000000..026d6aaf1ed
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8631.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8631",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/canonical/cloud-init/pull/204",
+ "refsource": "MISC",
+ "name": "https://github.com/canonical/cloud-init/pull/204"
+ },
+ {
+ "url": "https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8632.json b/2020/8xxx/CVE-2020-8632.json
new file mode 100644
index 00000000000..cfda9895139
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8632.json
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795" + }, + { + "url": "https://github.com/canonical/cloud-init/pull/189", + "refsource": "MISC", + "name": "https://github.com/canonical/cloud-init/pull/189" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8633.json b/2020/8xxx/CVE-2020-8633.json new file mode 100644 index 00000000000..69ec7827c96 --- /dev/null +++ b/2020/8xxx/CVE-2020-8633.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8633", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8634.json b/2020/8xxx/CVE-2020-8634.json new file mode 100644 index 00000000000..7d055d350ea --- /dev/null +++ b/2020/8xxx/CVE-2020-8634.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8634", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8635.json b/2020/8xxx/CVE-2020-8635.json new file mode 100644 index 00000000000..7247bf0c717 --- /dev/null +++ b/2020/8xxx/CVE-2020-8635.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8636.json b/2020/8xxx/CVE-2020-8636.json new file mode 100644 index 00000000000..365a8e5489d --- /dev/null +++ b/2020/8xxx/CVE-2020-8636.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8636",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution ."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5",
+ "url": "https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8637.json b/2020/8xxx/CVE-2020-8637.json
new file mode 100644
index 00000000000..1639e48cdcc
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8637.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8637",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8638.json b/2020/8xxx/CVE-2020-8638.json
new file mode 100644
index 00000000000..cb0fc8c36a8
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8638.json
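Review bot: The description in CVE-2020-8636.json says only that OpMon 9.3.2 "allows Remote Code Execution" and names no component, entry point or required privilege, so a defender reading the record cannot tell whether the issue is reachable without authentication or which interface to restrict. The only reference is a third-party write-up, so the record itself should carry those details once they are confirmed against it. The text also has a stray space before the full stop; the line should read `"value": "An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution."` until it is extended.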
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8638", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8639.json b/2020/8xxx/CVE-2020-8639.json new file mode 100644 index 00000000000..ead99387427 --- /dev/null +++ b/2020/8xxx/CVE-2020-8639.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8639", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8640.json b/2020/8xxx/CVE-2020-8640.json new file mode 100644 index 00000000000..47e4098ff96 --- /dev/null +++ b/2020/8xxx/CVE-2020-8640.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8640", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8641.json b/2020/8xxx/CVE-2020-8641.json new file mode 100644 index 00000000000..20351d5a75b --- /dev/null +++ b/2020/8xxx/CVE-2020-8641.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/47985", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/47985" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8642.json b/2020/8xxx/CVE-2020-8642.json new file mode 100644 index 00000000000..bea68e08a4e --- /dev/null +++ b/2020/8xxx/CVE-2020-8642.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8642", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8643.json b/2020/8xxx/CVE-2020-8643.json new file mode 100644 index 00000000000..d5ebb14a499 --- /dev/null +++ b/2020/8xxx/CVE-2020-8643.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8643", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8644.json b/2020/8xxx/CVE-2020-8644.json new file mode 100644 index 00000000000..864759c5ebe --- /dev/null +++ b/2020/8xxx/CVE-2020-8644.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8644",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PlaySMS before 1.4.3 does not sanitize inputs from a malicious string."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/",
+ "refsource": "MISC",
+ "name": "https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/"
+ },
+ {
+ "url": "https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704",
+ "refsource": "MISC",
+ "name": "https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8645.json b/2020/8xxx/CVE-2020-8645.json
new file mode 100644
index 00000000000..a15c1de2ca3
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8645.json
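Review bot: The description in CVE-2020-8644.json, "does not sanitize inputs from a malicious string", states neither which input is affected nor what an attacker gains, so the record cannot be triaged or scored from its own text. Both references are release announcements for 1.4.3, which presumably describe the fix. The description should name the vulnerability class, the affected input and the impact as those announcements give them. The upgrade target (1.4.3) is the only actionable fact the entry currently provides.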
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/niteosoft/simplejobscript/issues/9", + "url": "https://github.com/niteosoft/simplejobscript/issues/9" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8646.json b/2020/8xxx/CVE-2020-8646.json new file mode 100644 index 00000000000..29ab9468230 --- /dev/null +++ b/2020/8xxx/CVE-2020-8646.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8647.json b/2020/8xxx/CVE-2020-8647.json new file mode 100644 index 00000000000..5dc98fde4c2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8647.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206359", + "refsource": "MISC", + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=206359" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8648.json b/2020/8xxx/CVE-2020-8648.json new file mode 100644 index 00000000000..703dfb5132d --- /dev/null +++ b/2020/8xxx/CVE-2020-8648.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206361", + "refsource": "MISC", + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=206361" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8649.json b/2020/8xxx/CVE-2020-8649.json new file mode 100644 index 00000000000..7c7794866a2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8649.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206357", + "refsource": "MISC", + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=206357" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8650.json b/2020/8xxx/CVE-2020-8650.json new file mode 100644 index 00000000000..f463d269c4a --- /dev/null +++ b/2020/8xxx/CVE-2020-8650.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8650", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8651.json b/2020/8xxx/CVE-2020-8651.json new file mode 100644 index 00000000000..0cd645ed0cc --- /dev/null +++ b/2020/8xxx/CVE-2020-8651.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8651", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8652.json b/2020/8xxx/CVE-2020-8652.json new file mode 100644 index 00000000000..bd87712d94b --- /dev/null +++ b/2020/8xxx/CVE-2020-8652.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8652", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8653.json b/2020/8xxx/CVE-2020-8653.json new file mode 100644 index 00000000000..d6326640326 --- /dev/null +++ b/2020/8xxx/CVE-2020-8653.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8653", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8654.json b/2020/8xxx/CVE-2020-8654.json
new file mode 100644
index 00000000000..a2060952b48
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8654.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8654",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/50",
+ "url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/50"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8655.json b/2020/8xxx/CVE-2020-8655.json
new file mode 100644
index 00000000000..2455b7897ef
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8655.json
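Review bot: The second reference in CVE-2020-8654.json is stored with a cleartext `http://` scheme, while every other reference added in this diff uses `https://`. Feeds and enrichment tooling that fetch reference URLs automatically would retrieve that page over an unauthenticated channel. If the host serves the same path over TLS, both `name` and `url` should use it: `"url": "https://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html"`. The same reference is repeated in CVE-2020-8655.json and CVE-2020-8656.json.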
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/EyesOfNetworkCommunity/eonconf/issues/8", + "url": "https://github.com/EyesOfNetworkCommunity/eonconf/issues/8" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8656.json b/2020/8xxx/CVE-2020-8656.json new file mode 100644 index 00000000000..ec5bbeb41fc --- /dev/null +++ b/2020/8xxx/CVE-2020-8656.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/16", + "url": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/16" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8657.json b/2020/8xxx/CVE-2020-8657.json new file mode 100644 index 00000000000..7e1dca33909 --- /dev/null +++ b/2020/8xxx/CVE-2020-8657.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/17", + "url": "https://github.com/EyesOfNetworkCommunity/eonapi/issues/17" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8658.json b/2020/8xxx/CVE-2020-8658.json new file mode 100644 index 00000000000..340fedd847c --- /dev/null +++ b/2020/8xxx/CVE-2020-8658.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/htaccess/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/htaccess/#developers" + }, + { + "url": "https://github.com/V1n1v131r4/Exploiting-WP-Htaccess-by-BestWebSoft-Plugin/blob/master/README.md", + "refsource": "MISC", + "name": "https://github.com/V1n1v131r4/Exploiting-WP-Htaccess-by-BestWebSoft-Plugin/blob/master/README.md" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10060", + "url": "https://wpvulndb.com/vulnerabilities/10060" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8659.json b/2020/8xxx/CVE-2020-8659.json new file mode 100644 index 00000000000..274146e45e5 --- /dev/null +++ b/2020/8xxx/CVE-2020-8659.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8660.json b/2020/8xxx/CVE-2020-8660.json new file mode 100644 index 00000000000..4da0774f32f --- /dev/null +++ b/2020/8xxx/CVE-2020-8660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8661.json b/2020/8xxx/CVE-2020-8661.json new file mode 100644 index 00000000000..0922aceb92a --- /dev/null +++ b/2020/8xxx/CVE-2020-8661.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8661", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8662.json b/2020/8xxx/CVE-2020-8662.json new file mode 100644 index 00000000000..c2a5b34bc07 --- /dev/null +++ b/2020/8xxx/CVE-2020-8662.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8662", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8663.json b/2020/8xxx/CVE-2020-8663.json new file mode 100644 index 00000000000..021fdde89d8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8664.json b/2020/8xxx/CVE-2020-8664.json new file mode 100644 index 00000000000..52e559c765b --- /dev/null +++ b/2020/8xxx/CVE-2020-8664.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8665.json b/2020/8xxx/CVE-2020-8665.json new file mode 100644 index 00000000000..9dad960bc95 --- /dev/null +++ b/2020/8xxx/CVE-2020-8665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8666.json b/2020/8xxx/CVE-2020-8666.json new file mode 100644 index 00000000000..690e4e1a507 --- /dev/null +++ b/2020/8xxx/CVE-2020-8666.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8666", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8667.json b/2020/8xxx/CVE-2020-8667.json new file mode 100644 index 00000000000..02796a0863e --- /dev/null +++ b/2020/8xxx/CVE-2020-8667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8668.json b/2020/8xxx/CVE-2020-8668.json new file mode 100644 index 00000000000..6da35884270 --- /dev/null +++ b/2020/8xxx/CVE-2020-8668.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8668", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8669.json b/2020/8xxx/CVE-2020-8669.json new file mode 100644 index 00000000000..7f98f1ffef8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8669.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8670.json b/2020/8xxx/CVE-2020-8670.json new file mode 100644 index 00000000000..983a6f49a60 --- /dev/null +++ b/2020/8xxx/CVE-2020-8670.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8670", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8671.json b/2020/8xxx/CVE-2020-8671.json new file mode 100644 index 00000000000..2af69f33d80 --- /dev/null +++ b/2020/8xxx/CVE-2020-8671.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8671", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8672.json b/2020/8xxx/CVE-2020-8672.json new file mode 100644 index 00000000000..6336ea55532 --- /dev/null +++ b/2020/8xxx/CVE-2020-8672.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8672", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8673.json b/2020/8xxx/CVE-2020-8673.json new file mode 100644 index 00000000000..fcda184fe10 --- /dev/null +++ b/2020/8xxx/CVE-2020-8673.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8673", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8674.json b/2020/8xxx/CVE-2020-8674.json new file mode 100644 index 00000000000..a94cffb698a --- /dev/null +++ b/2020/8xxx/CVE-2020-8674.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8675.json b/2020/8xxx/CVE-2020-8675.json new file mode 100644 index 00000000000..c0dcc4b591d --- /dev/null +++ b/2020/8xxx/CVE-2020-8675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8676.json b/2020/8xxx/CVE-2020-8676.json new file mode 100644 index 00000000000..d1b9e6227cd --- /dev/null +++ b/2020/8xxx/CVE-2020-8676.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8677.json b/2020/8xxx/CVE-2020-8677.json new file mode 100644 index 00000000000..376c15feb15 --- /dev/null +++ b/2020/8xxx/CVE-2020-8677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8678.json b/2020/8xxx/CVE-2020-8678.json new file mode 100644 index 00000000000..9617f71ea8a --- /dev/null +++ b/2020/8xxx/CVE-2020-8678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8679.json b/2020/8xxx/CVE-2020-8679.json new file mode 100644 index 00000000000..792d0f2b023 --- /dev/null +++ b/2020/8xxx/CVE-2020-8679.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8679", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8680.json b/2020/8xxx/CVE-2020-8680.json new file mode 100644 index 00000000000..ddcdd78fc84 --- /dev/null +++ b/2020/8xxx/CVE-2020-8680.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8680", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8681.json b/2020/8xxx/CVE-2020-8681.json new file mode 100644 index 00000000000..3541c63353c --- /dev/null +++ b/2020/8xxx/CVE-2020-8681.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8681", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8682.json b/2020/8xxx/CVE-2020-8682.json new file mode 100644 index 00000000000..e6e6b57f5d2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8682.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8682", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8683.json b/2020/8xxx/CVE-2020-8683.json new file mode 100644 index 00000000000..486dfb8959f --- /dev/null +++ b/2020/8xxx/CVE-2020-8683.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8683", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8684.json b/2020/8xxx/CVE-2020-8684.json new file mode 100644 index 00000000000..e09159b7a99 --- /dev/null +++ b/2020/8xxx/CVE-2020-8684.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8684", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8685.json b/2020/8xxx/CVE-2020-8685.json new file mode 100644 index 00000000000..620ae8cd43f --- /dev/null +++ b/2020/8xxx/CVE-2020-8685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8686.json b/2020/8xxx/CVE-2020-8686.json new file mode 100644 index 00000000000..e9826453c13 --- /dev/null +++ b/2020/8xxx/CVE-2020-8686.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8686", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8687.json b/2020/8xxx/CVE-2020-8687.json new file mode 100644 index 00000000000..0c75cebf7da --- /dev/null +++ b/2020/8xxx/CVE-2020-8687.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8687", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8688.json b/2020/8xxx/CVE-2020-8688.json new file mode 100644 index 00000000000..32ee7a59820 --- /dev/null +++ b/2020/8xxx/CVE-2020-8688.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8688", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8689.json b/2020/8xxx/CVE-2020-8689.json new file mode 100644 index 00000000000..5094833193a --- /dev/null +++ b/2020/8xxx/CVE-2020-8689.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8689", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8690.json b/2020/8xxx/CVE-2020-8690.json new file mode 100644 index 00000000000..2631930fab8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8690.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8690", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8691.json b/2020/8xxx/CVE-2020-8691.json new file mode 100644 index 00000000000..3b00ea51935 --- /dev/null +++ b/2020/8xxx/CVE-2020-8691.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8691", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8692.json b/2020/8xxx/CVE-2020-8692.json new file mode 100644 index 00000000000..b44a8c45fa7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8692.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8692", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8693.json b/2020/8xxx/CVE-2020-8693.json new file mode 100644 index 00000000000..022a0601b3a --- /dev/null +++ b/2020/8xxx/CVE-2020-8693.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8693", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8694.json b/2020/8xxx/CVE-2020-8694.json new file mode 100644 index 00000000000..718f2e2818e --- /dev/null +++ b/2020/8xxx/CVE-2020-8694.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8694", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8695.json b/2020/8xxx/CVE-2020-8695.json new file mode 100644 index 00000000000..fac0c408540 --- /dev/null +++ b/2020/8xxx/CVE-2020-8695.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8695", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8696.json b/2020/8xxx/CVE-2020-8696.json new file mode 100644 index 00000000000..217193f6c2c --- /dev/null +++ b/2020/8xxx/CVE-2020-8696.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8696", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8697.json b/2020/8xxx/CVE-2020-8697.json new file mode 100644 index 00000000000..5c3defcf750 --- /dev/null +++ b/2020/8xxx/CVE-2020-8697.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8697", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8698.json b/2020/8xxx/CVE-2020-8698.json new file mode 100644 index 00000000000..39deb5ea410 --- /dev/null +++ b/2020/8xxx/CVE-2020-8698.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8698", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8699.json b/2020/8xxx/CVE-2020-8699.json new file mode 100644 index 00000000000..49752788108 --- /dev/null +++ b/2020/8xxx/CVE-2020-8699.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8699", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8700.json b/2020/8xxx/CVE-2020-8700.json new file mode 100644 index 00000000000..b79ae8c0b43 --- /dev/null +++ b/2020/8xxx/CVE-2020-8700.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8700", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8701.json b/2020/8xxx/CVE-2020-8701.json new file mode 100644 index 00000000000..c85b24daa03 --- /dev/null +++ b/2020/8xxx/CVE-2020-8701.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8701", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8702.json b/2020/8xxx/CVE-2020-8702.json new file mode 100644 index 00000000000..7cd50c7f103 --- /dev/null +++ b/2020/8xxx/CVE-2020-8702.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8702", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8703.json b/2020/8xxx/CVE-2020-8703.json new file mode 100644 index 00000000000..cc66bda9b28 --- /dev/null +++ b/2020/8xxx/CVE-2020-8703.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8703", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8704.json b/2020/8xxx/CVE-2020-8704.json new file mode 100644 index 00000000000..97a5af5fc3e --- /dev/null +++ b/2020/8xxx/CVE-2020-8704.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8704", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8705.json b/2020/8xxx/CVE-2020-8705.json new file mode 100644 index 00000000000..3a10ec42c5a --- /dev/null +++ b/2020/8xxx/CVE-2020-8705.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8705", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8706.json b/2020/8xxx/CVE-2020-8706.json new file mode 100644 index 00000000000..0eb255e18c3 --- /dev/null +++ b/2020/8xxx/CVE-2020-8706.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8706", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8707.json b/2020/8xxx/CVE-2020-8707.json new file mode 100644 index 00000000000..dd653439e5f --- /dev/null +++ b/2020/8xxx/CVE-2020-8707.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8707", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8708.json b/2020/8xxx/CVE-2020-8708.json new file mode 100644 index 00000000000..260003b0724 --- /dev/null +++ b/2020/8xxx/CVE-2020-8708.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8708", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8709.json b/2020/8xxx/CVE-2020-8709.json new file mode 100644 index 00000000000..db26932c18d --- /dev/null +++ b/2020/8xxx/CVE-2020-8709.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8709", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8710.json b/2020/8xxx/CVE-2020-8710.json new file mode 100644 index 00000000000..831e03b1c3c --- /dev/null +++ b/2020/8xxx/CVE-2020-8710.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8710", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8711.json b/2020/8xxx/CVE-2020-8711.json new file mode 100644 index 00000000000..9fe2659d63e --- /dev/null +++ b/2020/8xxx/CVE-2020-8711.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8711", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8712.json b/2020/8xxx/CVE-2020-8712.json new file mode 100644 index 00000000000..b7a1b41eeac --- /dev/null +++ b/2020/8xxx/CVE-2020-8712.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8712", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8713.json b/2020/8xxx/CVE-2020-8713.json new file mode 100644 index 00000000000..cc5697f007e --- /dev/null +++ b/2020/8xxx/CVE-2020-8713.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8713", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8714.json b/2020/8xxx/CVE-2020-8714.json new file mode 100644 index 00000000000..333621f85df --- /dev/null +++ b/2020/8xxx/CVE-2020-8714.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8714", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8715.json b/2020/8xxx/CVE-2020-8715.json new file mode 100644 index 00000000000..f28b09ee460 --- /dev/null +++ b/2020/8xxx/CVE-2020-8715.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8715", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8716.json b/2020/8xxx/CVE-2020-8716.json new file mode 100644 index 00000000000..49b602d96c9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8716.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8716", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8717.json b/2020/8xxx/CVE-2020-8717.json new file mode 100644 index 00000000000..df4b5e8e444 --- /dev/null +++ b/2020/8xxx/CVE-2020-8717.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8717", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8718.json b/2020/8xxx/CVE-2020-8718.json new file mode 100644 index 00000000000..a9b73866274 --- /dev/null +++ b/2020/8xxx/CVE-2020-8718.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8718", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8719.json b/2020/8xxx/CVE-2020-8719.json new file mode 100644 index 00000000000..cc276583a88 --- /dev/null +++ b/2020/8xxx/CVE-2020-8719.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8719", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8720.json b/2020/8xxx/CVE-2020-8720.json new file mode 100644 index 00000000000..ca0dfc8748b --- /dev/null +++ b/2020/8xxx/CVE-2020-8720.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8720", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8721.json b/2020/8xxx/CVE-2020-8721.json new file mode 100644 index 00000000000..a248d247af4 --- /dev/null +++ b/2020/8xxx/CVE-2020-8721.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8722.json b/2020/8xxx/CVE-2020-8722.json new file mode 100644 index 00000000000..583c4b8a69d --- /dev/null +++ b/2020/8xxx/CVE-2020-8722.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8722", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8723.json b/2020/8xxx/CVE-2020-8723.json new file mode 100644 index 00000000000..d42a991d649 --- /dev/null +++ b/2020/8xxx/CVE-2020-8723.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8723", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8724.json b/2020/8xxx/CVE-2020-8724.json new file mode 100644 index 00000000000..3a8dd42bde8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8724.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8724", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8725.json b/2020/8xxx/CVE-2020-8725.json new file mode 100644 index 00000000000..403950b7bb5 --- /dev/null +++ b/2020/8xxx/CVE-2020-8725.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8725", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8726.json b/2020/8xxx/CVE-2020-8726.json new file mode 100644 index 00000000000..12e3bd739e1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8726.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8726", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8727.json b/2020/8xxx/CVE-2020-8727.json new file mode 100644 index 00000000000..d7689eedb35 --- /dev/null +++ b/2020/8xxx/CVE-2020-8727.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8727", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8728.json b/2020/8xxx/CVE-2020-8728.json new file mode 100644 index 00000000000..ac18779ab28 --- /dev/null +++ b/2020/8xxx/CVE-2020-8728.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8728", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8729.json b/2020/8xxx/CVE-2020-8729.json new file mode 100644 index 00000000000..af7df824464 --- /dev/null +++ b/2020/8xxx/CVE-2020-8729.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8729", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8730.json b/2020/8xxx/CVE-2020-8730.json new file mode 100644 index 00000000000..c8d5e87710e --- /dev/null +++ b/2020/8xxx/CVE-2020-8730.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8730", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8731.json b/2020/8xxx/CVE-2020-8731.json new file mode 100644 index 00000000000..e433d6d61d4 --- /dev/null +++ b/2020/8xxx/CVE-2020-8731.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8731", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8732.json b/2020/8xxx/CVE-2020-8732.json new file mode 100644 index 00000000000..21b464f6896 --- /dev/null +++ b/2020/8xxx/CVE-2020-8732.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8732", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8733.json b/2020/8xxx/CVE-2020-8733.json new file mode 100644 index 00000000000..4fd56388732 --- /dev/null +++ b/2020/8xxx/CVE-2020-8733.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8733", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8734.json b/2020/8xxx/CVE-2020-8734.json new file mode 100644 index 00000000000..80583cf5ad0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8734.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8734", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8735.json b/2020/8xxx/CVE-2020-8735.json new file mode 100644 index 00000000000..321487f819e --- /dev/null +++ b/2020/8xxx/CVE-2020-8735.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8735", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8736.json b/2020/8xxx/CVE-2020-8736.json new file mode 100644 index 00000000000..b5fa61b5ee0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8736.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8736", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8737.json b/2020/8xxx/CVE-2020-8737.json new file mode 100644 index 00000000000..bf4d935f524 --- /dev/null +++ b/2020/8xxx/CVE-2020-8737.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8737", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8738.json b/2020/8xxx/CVE-2020-8738.json new file mode 100644 index 00000000000..05614eaa640 --- /dev/null +++ b/2020/8xxx/CVE-2020-8738.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8738", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8739.json b/2020/8xxx/CVE-2020-8739.json new file mode 100644 index 00000000000..6741cb5752c --- /dev/null +++ b/2020/8xxx/CVE-2020-8739.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8739", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8740.json b/2020/8xxx/CVE-2020-8740.json new file mode 100644 index 00000000000..d4cd1b99aff --- /dev/null +++ b/2020/8xxx/CVE-2020-8740.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8740", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8741.json b/2020/8xxx/CVE-2020-8741.json new file mode 100644 index 00000000000..a880df6266a --- /dev/null +++ b/2020/8xxx/CVE-2020-8741.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8741", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8742.json b/2020/8xxx/CVE-2020-8742.json new file mode 100644 index 00000000000..5dbf5c5272c --- /dev/null +++ b/2020/8xxx/CVE-2020-8742.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8742", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8743.json b/2020/8xxx/CVE-2020-8743.json new file mode 100644 index 00000000000..b32fd5978d1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8743.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8743", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8744.json b/2020/8xxx/CVE-2020-8744.json new file mode 100644 index 00000000000..99bffe5d28b --- /dev/null +++ b/2020/8xxx/CVE-2020-8744.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8744", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8745.json b/2020/8xxx/CVE-2020-8745.json new file mode 100644 index 00000000000..8194110f2d6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8745.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8745", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8746.json b/2020/8xxx/CVE-2020-8746.json new file mode 100644 index 00000000000..e119d1daab0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8746.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8746", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8747.json b/2020/8xxx/CVE-2020-8747.json new file mode 100644 index 00000000000..ba3ab0ac1f6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8747.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8747", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8748.json b/2020/8xxx/CVE-2020-8748.json new file mode 100644 index 00000000000..fb8394e48e6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8748.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8748", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8749.json b/2020/8xxx/CVE-2020-8749.json new file mode 100644 index 00000000000..382b78b155f --- /dev/null +++ b/2020/8xxx/CVE-2020-8749.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8749", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8750.json b/2020/8xxx/CVE-2020-8750.json new file mode 100644 index 00000000000..67785ac6452 --- /dev/null +++ b/2020/8xxx/CVE-2020-8750.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8750", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8751.json b/2020/8xxx/CVE-2020-8751.json new file mode 100644 index 00000000000..96d230cfacb --- /dev/null +++ b/2020/8xxx/CVE-2020-8751.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8751", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8752.json b/2020/8xxx/CVE-2020-8752.json new file mode 100644 index 00000000000..8db4c96ce36 --- /dev/null +++ b/2020/8xxx/CVE-2020-8752.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8752", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8753.json b/2020/8xxx/CVE-2020-8753.json new file mode 100644 index 00000000000..8cd1e8f2b69 --- /dev/null +++ b/2020/8xxx/CVE-2020-8753.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8753", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8754.json b/2020/8xxx/CVE-2020-8754.json new file mode 100644 index 00000000000..1de1338052b --- /dev/null +++ b/2020/8xxx/CVE-2020-8754.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8754", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8755.json b/2020/8xxx/CVE-2020-8755.json new file mode 100644 index 00000000000..a2791a45234 --- /dev/null +++ b/2020/8xxx/CVE-2020-8755.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8755", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8756.json b/2020/8xxx/CVE-2020-8756.json new file mode 100644 index 00000000000..d701a916628 --- /dev/null +++ b/2020/8xxx/CVE-2020-8756.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8756", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8757.json b/2020/8xxx/CVE-2020-8757.json new file mode 100644 index 00000000000..ce636e51a97 --- /dev/null +++ b/2020/8xxx/CVE-2020-8757.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8757", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8758.json b/2020/8xxx/CVE-2020-8758.json new file mode 100644 index 00000000000..1bad6f3ee8c --- /dev/null +++ b/2020/8xxx/CVE-2020-8758.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8758", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8759.json b/2020/8xxx/CVE-2020-8759.json new file mode 100644 index 00000000000..da5f8704990 --- /dev/null +++ b/2020/8xxx/CVE-2020-8759.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8759", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8760.json b/2020/8xxx/CVE-2020-8760.json new file mode 100644 index 00000000000..7d579db1d29 --- /dev/null +++ b/2020/8xxx/CVE-2020-8760.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8760", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8761.json b/2020/8xxx/CVE-2020-8761.json new file mode 100644 index 00000000000..84079276746 --- /dev/null +++ b/2020/8xxx/CVE-2020-8761.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8761", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8762.json b/2020/8xxx/CVE-2020-8762.json new file mode 100644 index 00000000000..a2587eb62df --- /dev/null +++ b/2020/8xxx/CVE-2020-8762.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8762", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8763.json b/2020/8xxx/CVE-2020-8763.json new file mode 100644 index 00000000000..4a8d4900ff3 --- /dev/null +++ b/2020/8xxx/CVE-2020-8763.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8763", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8764.json b/2020/8xxx/CVE-2020-8764.json new file mode 100644 index 00000000000..357a1bfca8f --- /dev/null +++ b/2020/8xxx/CVE-2020-8764.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8764", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8765.json b/2020/8xxx/CVE-2020-8765.json new file mode 100644 index 00000000000..7ffb8fef640 --- /dev/null +++ b/2020/8xxx/CVE-2020-8765.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8765", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8766.json b/2020/8xxx/CVE-2020-8766.json new file mode 100644 index 00000000000..ea460c64959 --- /dev/null +++ b/2020/8xxx/CVE-2020-8766.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8766", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8767.json b/2020/8xxx/CVE-2020-8767.json new file mode 100644 index 00000000000..7030c4e0d84 --- /dev/null +++ b/2020/8xxx/CVE-2020-8767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8768.json b/2020/8xxx/CVE-2020-8768.json new file mode 100644 index 00000000000..a3af012cca7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8768.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8768", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8769.json b/2020/8xxx/CVE-2020-8769.json new file mode 100644 index 00000000000..35e904738dd --- /dev/null +++ b/2020/8xxx/CVE-2020-8769.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8769", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8770.json b/2020/8xxx/CVE-2020-8770.json new file mode 100644 index 00000000000..638c5bc1d05 --- /dev/null +++ b/2020/8xxx/CVE-2020-8770.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8770", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8771.json b/2020/8xxx/CVE-2020-8771.json new file mode 100644 index 00000000000..1d5473105ea --- /dev/null +++ b/2020/8xxx/CVE-2020-8771.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8771",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/10010",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10010"
+ },
+ {
+ "url": "https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/",
+ "refsource": "MISC",
+ "name": "https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8772.json b/2020/8xxx/CVE-2020-8772.json
new file mode 100644
index 00000000000..4a5e5a39711
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8772.json
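Review bot: The `affects` block of CVE-2020-8771 sets `product_name`, `vendor_name` and `version_value` to `n/a`, while the description already names the product and the fixed version, so scanners and inventories that match on the structured fields will not tie this record to an installed plugin. The CVE-2020-8772, CVE-2020-8788, CVE-2020-8795 and CVE-2020-8796 records in this commit have the same gap. I would carry the description's values into the structure, for example `"product_name": "Time Capsule plugin for WordPress"` and `"version_value": "before 1.21.16"`, leaving `vendor_name` for the assigner since the page does not state it. The `n/a` under `problemtype` could likewise name a weakness class; CWE-287 looks like the fit for an authentication bypass, to be confirmed.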
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8772",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/10011",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10011"
+ },
+ {
+ "url": "https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/",
+ "refsource": "MISC",
+ "name": "https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8773.json b/2020/8xxx/CVE-2020-8773.json
new file mode 100644
index 00000000000..7e33e5cc5e7
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8773.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8774.json b/2020/8xxx/CVE-2020-8774.json new file mode 100644 index 00000000000..1c3a8ab127e --- /dev/null +++ b/2020/8xxx/CVE-2020-8774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8775.json b/2020/8xxx/CVE-2020-8775.json new file mode 100644 index 00000000000..db0eba70672 --- /dev/null +++ b/2020/8xxx/CVE-2020-8775.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8776.json b/2020/8xxx/CVE-2020-8776.json new file mode 100644 index 00000000000..22c4652f1e6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8776.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8776", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8777.json b/2020/8xxx/CVE-2020-8777.json new file mode 100644 index 00000000000..c7429e747b9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8777.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8777", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8778.json b/2020/8xxx/CVE-2020-8778.json new file mode 100644 index 00000000000..e0ce02ad302 --- /dev/null +++ b/2020/8xxx/CVE-2020-8778.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8778", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8779.json b/2020/8xxx/CVE-2020-8779.json new file mode 100644 index 00000000000..357cf616501 --- /dev/null +++ b/2020/8xxx/CVE-2020-8779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8780.json b/2020/8xxx/CVE-2020-8780.json new file mode 100644 index 00000000000..55228549967 --- /dev/null +++ b/2020/8xxx/CVE-2020-8780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8781.json b/2020/8xxx/CVE-2020-8781.json new file mode 100644 index 00000000000..2c93a5da681 --- /dev/null +++ b/2020/8xxx/CVE-2020-8781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8782.json b/2020/8xxx/CVE-2020-8782.json new file mode 100644 index 00000000000..b984b8b15ec --- /dev/null +++ b/2020/8xxx/CVE-2020-8782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8783.json b/2020/8xxx/CVE-2020-8783.json new file mode 100644 index 00000000000..de0c02913b0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8783.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8784.json b/2020/8xxx/CVE-2020-8784.json new file mode 100644 index 00000000000..459569711a9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8785.json b/2020/8xxx/CVE-2020-8785.json new file mode 100644 index 00000000000..3648dee0d27 --- /dev/null +++ b/2020/8xxx/CVE-2020-8785.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8786.json b/2020/8xxx/CVE-2020-8786.json new file mode 100644 index 00000000000..a7b189919ef --- /dev/null +++ b/2020/8xxx/CVE-2020-8786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8787.json b/2020/8xxx/CVE-2020-8787.json new file mode 100644 index 00000000000..5f3cc315b11 --- /dev/null +++ b/2020/8xxx/CVE-2020-8787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8788.json b/2020/8xxx/CVE-2020-8788.json new file mode 100644 index 00000000000..ec76c357010 --- /dev/null +++ b/2020/8xxx/CVE-2020-8788.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8788",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ClearCanvas/ClearCanvas/issues/227",
+ "refsource": "MISC",
+ "name": "https://github.com/ClearCanvas/ClearCanvas/issues/227"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8789.json b/2020/8xxx/CVE-2020-8789.json
new file mode 100644
index 00000000000..cf1a6b12100
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8789.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8789",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8790.json b/2020/8xxx/CVE-2020-8790.json new file mode 100644 index 00000000000..57304d3fa00 --- /dev/null +++ b/2020/8xxx/CVE-2020-8790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8791.json b/2020/8xxx/CVE-2020-8791.json new file mode 100644 index 00000000000..1d57e04e58b --- /dev/null +++ b/2020/8xxx/CVE-2020-8791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8792.json b/2020/8xxx/CVE-2020-8792.json new file mode 100644 index 00000000000..2d94ab6f836 --- /dev/null +++ b/2020/8xxx/CVE-2020-8792.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8793.json b/2020/8xxx/CVE-2020-8793.json new file mode 100644 index 00000000000..731a654941d --- /dev/null +++ b/2020/8xxx/CVE-2020-8793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8794.json b/2020/8xxx/CVE-2020-8794.json new file mode 100644 index 00000000000..4f9d6e0fb62 --- /dev/null +++ b/2020/8xxx/CVE-2020-8794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8795.json b/2020/8xxx/CVE-2020-8795.json
new file mode 100644
index 00000000000..c18e8b05f98
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8795.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8795",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/releases/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/categories/releases/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/",
+ "url": "https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8796.json b/2020/8xxx/CVE-2020-8796.json
new file mode 100644
index 00000000000..4ee310f93d5
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8796.json
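Review bot: The first entry in `reference_data` for CVE-2020-8795, `https://about.gitlab.com/releases/categories/releases/`, is a general release listing rather than a page about this issue, so its content will change and it gives a reader nothing to verify the record against. The second entry (the 12.7.6 security release post) is the specific source; I would keep that as the primary reference and drop or replace the listing URL. The description says versions through 12.7.5 are affected, which is consistent with a fix in 12.7.6, but the fixed version is only implied by that URL; adding `fixed in 12.7.6` to the description would make the upgrade target explicit if the release post confirms it.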
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8796",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cve.biscom.com/bis-sft-cv-0009/",
+ "refsource": "MISC",
+ "name": "https://cve.biscom.com/bis-sft-cv-0009/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8797.json b/2020/8xxx/CVE-2020-8797.json
new file mode 100644
index 00000000000..3a18685f856
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8797.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8797",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8798.json b/2020/8xxx/CVE-2020-8798.json
new file mode 100644
index 00000000000..b46826b45b0
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8798.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8798",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8799.json b/2020/8xxx/CVE-2020-8799.json
new file mode 100644
index 00000000000..d0181ea01d9
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8799.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8799",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8800.json b/2020/8xxx/CVE-2020-8800.json
new file mode 100644
index 00000000000..207a10dc158
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8800.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8800",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://suitecrm.com",
+ "refsource": "MISC",
+ "name": "https://suitecrm.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2020/Feb/3",
+ "url": "https://seclists.org/fulldisclosure/2020/Feb/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156321/SuiteCRM-7.11.11-Second-Order-PHP-Object-Injection.html",
+ "url": "http://packetstormsecurity.com/files/156321/SuiteCRM-7.11.11-Second-Order-PHP-Object-Injection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8801.json b/2020/8xxx/CVE-2020-8801.json
new file mode 100644
index 00000000000..97d2fef23d1
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8801.json
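Review bot: The Packet Storm reference in CVE-2020-8800 is recorded as an `http://` URL, and CVE-2020-8801 through CVE-2020-8804 additionally cite `http://seclists.org/...` where this record uses `https://seclists.org/...`; CVE-2020-8825 carries the same plain-HTTP Packet Storm link. Advisory links fetched over plain HTTP can be altered in transit, and mixing schemes for the same site makes reference de-duplication harder for consumers. I would normalise both `url` and `name` to HTTPS, e.g. `"url": "https://seclists.org/fulldisclosure/2020/Feb/4"` in CVE-2020-8801, after confirming the HTTPS form resolves. The `https://suitecrm.com` entry is the vendor home page and names no fixed release, so none of these five records gives a reader an upgrade target.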
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8801",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SuiteCRM through 7.11.11 allows PHAR Deserialization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://suitecrm.com",
+ "refsource": "MISC",
+ "name": "https://suitecrm.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Feb/4",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156324/SuiteCRM-7.11.11-Phar-Deserialization.html",
+ "url": "http://packetstormsecurity.com/files/156324/SuiteCRM-7.11.11-Phar-Deserialization.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8802.json b/2020/8xxx/CVE-2020-8802.json
new file mode 100644
index 00000000000..1dc4d7bd149
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8802.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8802",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://suitecrm.com",
+ "refsource": "MISC",
+ "name": "https://suitecrm.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Feb/5",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156327/SuiteCRM-7.11.11-Bean-Manipulation.html",
+ "url": "http://packetstormsecurity.com/files/156327/SuiteCRM-7.11.11-Bean-Manipulation.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8803.json b/2020/8xxx/CVE-2020-8803.json
new file mode 100644
index 00000000000..3b077659afc
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8803.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8803",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://suitecrm.com",
+ "refsource": "MISC",
+ "name": "https://suitecrm.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Feb/6",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156329/SuiteCRM-7.11.11-Broken-Access-Control-Local-File-Inclusion.html",
+ "url": "http://packetstormsecurity.com/files/156329/SuiteCRM-7.11.11-Broken-Access-Control-Local-File-Inclusion.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8804.json b/2020/8xxx/CVE-2020-8804.json
new file mode 100644
index 00000000000..1e807fa628e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8804.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8804",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://suitecrm.com",
+ "refsource": "MISC",
+ "name": "https://suitecrm.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Feb/7",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156331/SuiteCRM-7.11.10-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/156331/SuiteCRM-7.11.10-SQL-Injection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8805.json b/2020/8xxx/CVE-2020-8805.json
new file mode 100644
index 00000000000..a1a968c9d60
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8805.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8805",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8806.json b/2020/8xxx/CVE-2020-8806.json
new file mode 100644
index 00000000000..2681c6b8b86
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8807.json b/2020/8xxx/CVE-2020-8807.json
new file mode 100644
index 00000000000..f6c2581b82c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8807.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8807",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8808.json b/2020/8xxx/CVE-2020-8808.json
new file mode 100644
index 00000000000..fc60ad0c61a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8808.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8808",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\\SYSTEM privileges, via a function call such as MmMapIoSpace."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-001.md",
+ "refsource": "MISC",
+ "name": "https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-001.md"
+ },
+ {
+ "url": "https://forum.corsair.com/v3/showthread.php?t=193831",
+ "refsource": "MISC",
+ "name": "https://forum.corsair.com/v3/showthread.php?t=193831"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8809.json b/2020/8xxx/CVE-2020-8809.json
new file mode 100644
index 00000000000..b00e611438f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8809.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8809",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8810.json b/2020/8xxx/CVE-2020-8810.json
new file mode 100644
index 00000000000..f85cecc3f4c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8810.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8810",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8811.json b/2020/8xxx/CVE-2020-8811.json
new file mode 100644
index 00000000000..d7182a67aa1
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8811.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8811",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bludit/bludit/issues/1131",
+ "refsource": "MISC",
+ "name": "https://github.com/bludit/bludit/issues/1131"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8812.json b/2020/8xxx/CVE-2020-8812.json
new file mode 100644
index 00000000000..ab8acd90ff2
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8812.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8812",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is \"not a bug.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bludit/bludit/issues/1132",
+ "refsource": "MISC",
+ "name": "https://github.com/bludit/bludit/issues/1132"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8813.json b/2020/8xxx/CVE-2020-8813.json
new file mode 100644
index 00000000000..2eb5ec3749a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8813.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8813",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8814.json b/2020/8xxx/CVE-2020-8814.json
new file mode 100644
index 00000000000..2865e94e340
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8814.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8814",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8815.json b/2020/8xxx/CVE-2020-8815.json
new file mode 100644
index 00000000000..fc9c7ceea9c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8815.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8815",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/kolya5544/BearFTP",
+ "refsource": "MISC",
+ "name": "https://github.com/kolya5544/BearFTP"
+ },
+ {
+ "url": "https://github.com/kolya5544/BearFTP/blob/f5a8047587c1a96456d4f291c12b038b9ab0d0c5/BearFTP/Program.cs#L503-L525",
+ "refsource": "MISC",
+ "name": "https://github.com/kolya5544/BearFTP/blob/f5a8047587c1a96456d4f291c12b038b9ab0d0c5/BearFTP/Program.cs#L503-L525"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/kolya5544/BearFTP/commit/17a6ead72d4a25cbfcef5e27613aa0a5f88a4b26",
+ "url": "https://github.com/kolya5544/BearFTP/commit/17a6ead72d4a25cbfcef5e27613aa0a5f88a4b26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kolya5544/BearFTP/commit/66dc9d95e58bca133f265457d32007cdf38b66ad",
+ "url": "https://github.com/kolya5544/BearFTP/commit/66dc9d95e58bca133f265457d32007cdf38b66ad"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/kolya5544/BearFTP/releases/tag/0.4.0",
+ "url": "https://github.com/kolya5544/BearFTP/releases/tag/0.4.0"
+ }
+ ]
+ }
+}
\ No newline at end of file
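Review bot: The description of CVE-2020-8815 puts the fix boundary at "before v0.3.1", but the only release cited under `reference_data` is the CONFIRM link to tag `0.4.0`, and nothing in the record ties either version to the two cited commits. Someone deciding whether a deployed BearFTP is exposed cannot tell from the record which version first contains the connection-handling fix. I would either add a reference for the 0.3.1 release (placeholder: `<URL of the v0.3.1 release>`) or state in the description how 0.3.1 and 0.4.0 relate. The two commit links are also tagged differently (`CONFIRM` for 17a6ead…, `MISC` for 66dc9d9…) without saying which of them is the fix.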
diff --git a/2020/8xxx/CVE-2020-8816.json b/2020/8xxx/CVE-2020-8816.json
new file mode 100644
index 00000000000..b8285007b5e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8816.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8816",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8817.json b/2020/8xxx/CVE-2020-8817.json
new file mode 100644
index 00000000000..e8587695063
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8817.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8817",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8818.json b/2020/8xxx/CVE-2020-8818.json
new file mode 100644
index 00000000000..8bbce056328
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8818.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8819.json b/2020/8xxx/CVE-2020-8819.json
new file mode 100644
index 00000000000..89c2cab36fd
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8819.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8819",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8820.json b/2020/8xxx/CVE-2020-8820.json
new file mode 100644
index 00000000000..850ea808b6a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8820.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8820",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8821.json b/2020/8xxx/CVE-2020-8821.json
new file mode 100644
index 00000000000..815cfb1784f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8821.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8821",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8822.json b/2020/8xxx/CVE-2020-8822.json
new file mode 100644
index 00000000000..7f6c628477d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8822.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8822",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/02/digi-transport-stored-xss-on-wr-family.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/02/digi-transport-stored-xss-on-wr-family.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8823.json b/2020/8xxx/CVE-2020-8823.json
new file mode 100644
index 00000000000..5dd1d1dea4e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8823.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8823",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/theyiyibest/Reflected-XSS-on-SockJS",
+ "refsource": "MISC",
+ "name": "https://github.com/theyiyibest/Reflected-XSS-on-SockJS"
+ },
+ {
+ "url": "https://www.sockjs.org",
+ "refsource": "MISC",
+ "name": "https://www.sockjs.org"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8824.json b/2020/8xxx/CVE-2020-8824.json
new file mode 100644
index 00000000000..a1a9bcc362e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8824.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8824",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8825.json b/2020/8xxx/CVE-2020-8825.json
new file mode 100644
index 00000000000..604de2e5db0
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8825.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8825",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/hacky1997/CVE-2020-8825",
+ "url": "https://github.com/hacky1997/CVE-2020-8825"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8826.json b/2020/8xxx/CVE-2020-8826.json
new file mode 100644
index 00000000000..1721fa06d80
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8826.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8826",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8827.json b/2020/8xxx/CVE-2020-8827.json
new file mode 100644
index 00000000000..be657085b5d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8827.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8827",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8828.json b/2020/8xxx/CVE-2020-8828.json
new file mode 100644
index 00000000000..43846238894
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8828.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8828",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8829.json b/2020/8xxx/CVE-2020-8829.json
new file mode 100644
index 00000000000..b1c59d2f56a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8829.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8829",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8830.json b/2020/8xxx/CVE-2020-8830.json
new file mode 100644
index 00000000000..40f4d8dc75f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8830.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8830",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8831.json b/2020/8xxx/CVE-2020-8831.json
new file mode 100644
index 00000000000..d3aefd13a18
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8831.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8831",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8832.json b/2020/8xxx/CVE-2020-8832.json
new file mode 100644
index 00000000000..be134800ce6
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8832.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8832",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8833.json b/2020/8xxx/CVE-2020-8833.json
new file mode 100644
index 00000000000..f9640e67c1c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8833.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8834.json b/2020/8xxx/CVE-2020-8834.json
new file mode 100644
index 00000000000..0459ad11d15
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8834.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8835.json b/2020/8xxx/CVE-2020-8835.json
new file mode 100644
index 00000000000..81f197e51a6
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8835.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8835",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8836.json b/2020/8xxx/CVE-2020-8836.json
new file mode 100644
index 00000000000..65fac53d56b
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8836.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8836",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8837.json b/2020/8xxx/CVE-2020-8837.json
new file mode 100644
index 00000000000..ca0ed757104
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8837.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8837",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8838.json b/2020/8xxx/CVE-2020-8838.json
new file mode 100644
index 00000000000..5537b9107d4
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8838.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8838",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8839.json b/2020/8xxx/CVE-2020-8839.json
new file mode 100644
index 00000000000..8401294fa6f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8839.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8839",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://drive.google.com/open?id=1eDN0rsGPs4-yxeMxl7MGh__yjdbl-wON",
+ "refsource": "MISC",
+ "name": "https://drive.google.com/open?id=1eDN0rsGPs4-yxeMxl7MGh__yjdbl-wON"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156289/CHIYU-BF430-TCP-IP-Converter-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/156289/CHIYU-BF430-TCP-IP-Converter-Cross-Site-Scripting.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8840.json b/2020/8xxx/CVE-2020-8840.json
new file mode 100644
index 00000000000..b1acb39f905
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8840.json
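Review bot: The first reference in the CVE-2020-8839 record (the hunk that ends just before the CVE-2020-8840 file header) is a Google Drive share link, which its owner can remove or restrict at any time and whose `name` only repeats the URL, so a reader cannot tell what the document is without opening it. For a record that defenders will rely on to identify affected BF-430 firmware, I would add a vendor advisory or release note for the `1.16.00` fix if one exists, and give the Drive entry a descriptive `name`. The fixed-version boundary is also present only in free text because `version_value` is `n/a`.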
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8840",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/FasterXML/jackson-databind/issues/2620",
+ "refsource": "MISC",
+ "name": "https://github.com/FasterXML/jackson-databind/issues/2620"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8841.json b/2020/8xxx/CVE-2020-8841.json
new file mode 100644
index 00000000000..486a75218df
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8841.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8841",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/239",
+ "refsource": "MISC",
+ "name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/239"
+ },
+ {
+ "url": "https://github.com/ver007/testlink-1.9.19-sqlinject",
+ "refsource": "MISC",
+ "name": "https://github.com/ver007/testlink-1.9.19-sqlinject"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8842.json b/2020/8xxx/CVE-2020-8842.json
new file mode 100644
index 00000000000..a73d725e62a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8842.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8842",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8843.json b/2020/8xxx/CVE-2020-8843.json
new file mode 100644
index 00000000000..7266cfa62b8
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8843.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8843",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/istio/istio/commits/master",
+ "refsource": "MISC",
+ "name": "https://github.com/istio/istio/commits/master"
+ },
+ {
+ "url": "https://istio.io/news/security/",
+ "refsource": "MISC",
+ "name": "https://istio.io/news/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://istio.io/news/security/istio-security-2020-002/",
+ "url": "https://istio.io/news/security/istio-security-2020-002/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8844.json b/2020/8xxx/CVE-2020-8844.json
new file mode 100644
index 00000000000..c64193492e0
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8844.json
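Review bot: Two of the three references in the CVE-2020-8843 record do not identify the fix: `https://github.com/istio/istio/commits/master` is a moving branch listing and `https://istio.io/news/security/` is an index page, so both will show different content as time passes. Only the CONFIRM entry points at a specific advisory; I would replace the commits link with the permalink of the fixing commit (`https://github.com/istio/istio/commit/<FIX_COMMIT_SHA>`, placeholder) or drop it. The description also gives the range as 1.3 through 1.3.6 while its last sentence mentions the feature default in both 1.3 and 1.4, so the record leaves it unclear whether any 1.4 release is affected; that should be stated explicitly.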
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8844",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.6.0.25114"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Natnael Samson (@NattiSamson)",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-200/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-200/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
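Review bot: The description in the CVE-2020-8844 record names the component as `CovertToPDF`, which looks like a misspelling of `ConvertToPDF`; please confirm against the ZDI advisory, since analysts search on the component name. Separately, `impact.cvss` carries only `vectorString` and `version`, with no `baseScore` or `baseSeverity`, so every consumer has to compute the score itself; this applies to all the Foxit records in this diff (CVE-2020-8844 through CVE-2020-8852). The vector also says `AV:L` while the text says "remote attackers", so triage rules should key on the vector rather than on the wording.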
diff --git a/2020/8xxx/CVE-2020-8845.json b/2020/8xxx/CVE-2020-8845.json
new file mode 100644
index 00000000000..2c922644f00
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8845.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8845",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.6.0.25114"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-201/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-201/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
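Review bot: The description in the CVE-2020-8845 record reads `remote atackers`; it should be `remote attackers`, and the same misspelling is in the CVE-2020-8846 description in the next hunk. Keyword searches and alert rules that match on the usual phrase will miss both entries as written. The Foxit bulletin reference is also tagged `"refsource": "MISC"` here and in the later Foxit records, whereas the CVE-2020-8844 record tags the same URL `CONFIRM`; the tag should be the same across the batch.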
diff --git a/2020/8xxx/CVE-2020-8846.json b/2020/8xxx/CVE-2020-8846.json
new file mode 100644
index 00000000000..381e584a344
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8846.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8846",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.6.0.25114"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "mrpowell",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9400."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-202/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-202/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8847.json b/2020/8xxx/CVE-2020-8847.json
new file mode 100644
index 00000000000..1bc72f79bac
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8847.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8847",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29455"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Anonymous",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9414."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-203/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-203/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8848.json b/2020/8xxx/CVE-2020-8848.json
new file mode 100644
index 00000000000..27d60e365d9
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8848.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8848",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29455"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9407."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-204/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-204/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8849.json b/2020/8xxx/CVE-2020-8849.json
new file mode 100644
index 00000000000..05f89fc8516
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8849.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8849",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29455"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Anonymous",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9413."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-205/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-205/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8850.json b/2020/8xxx/CVE-2020-8850.json
new file mode 100644
index 00000000000..928c2095f2b
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8850.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8850",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29455"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Anonymous",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9415."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-206/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-206/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8851.json b/2020/8xxx/CVE-2020-8851.json
new file mode 100644
index 00000000000..597e785acfa
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8851.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8851",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29455"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9406."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-207/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-207/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8852.json b/2020/8xxx/CVE-2020-8852.json
new file mode 100644
index 00000000000..062c3043ca4
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8852.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8852",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29455"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Anonymous",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-208/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-208/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8853.json b/2020/8xxx/CVE-2020-8853.json
new file mode 100644
index 00000000000..fd21562be5e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8853.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8853",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29478"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "rgod of 9sg",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9591."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-209/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-209/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8854.json b/2020/8xxx/CVE-2020-8854.json
new file mode 100644
index 00000000000..eda1085c876
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8854.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8854",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29478"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-210/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-210/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8855.json b/2020/8xxx/CVE-2020-8855.json
new file mode 100644
index 00000000000..ced26a8ec41
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8855.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8855",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.2947"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "rgod of 9sg",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-211/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-211/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8856.json b/2020/8xxx/CVE-2020-8856.json
new file mode 100644
index 00000000000..c750c74c081
--- /dev/null
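Review bot: In the CVE-2020-8855 record, `"version_value": "9.7.0.2947"` is one digit shorter than the `9.7.0.29478` build given for PhantomPDF in the CVE-2020-8853 and CVE-2020-8854 records, and the description repeats the short form, so the value looks truncated. Asset-inventory and scanner rules that match on the exact build string would not associate this CVE with installed 9.7.0.29478 hosts. If the ZDI-20-211 advisory confirms the build, both places should read `9.7.0.29478`, i.e. `"version_value": "9.7.0.29478"`; if `9.7.0.2947` is what the advisory itself states, that is worth raising with the assigner rather than silently changing here.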
+++ b/2020/8xxx/CVE-2020-8856.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8856",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.6.0.25608"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-212/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-212/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
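Review bot: The `description` value in the CVE-2020-8856 record misspells "attackers" as "atackers" in its opening sentence. Keyword searches and template-based classifiers that look for the phrase `remote attackers` will miss this entry, unlike the sibling records, which spell it correctly. The sentence should begin `This vulnerability allows remote attackers to execute arbitrary code`.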
diff --git a/2020/8xxx/CVE-2020-8857.json b/2020/8xxx/CVE-2020-8857.json
new file mode 100644
index 00000000000..fcdec29b372
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8857.json
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8857",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.7.0.29455"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
+ ]
+ }
+ },
+ "credit": "hungtt28",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "MISC",
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-213/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-213/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8858.json b/2020/8xxx/CVE-2020-8858.json
new file mode 100644
index 00000000000..3fb2f2e142a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8858.json 
@@ -0,0 +1,74 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2020-8858",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MGate 5105-MB-EIP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware version 4.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Moxa"
+ }
+ ]
+ }
+ },
+ "credit": "Dove Chiu, Philippe Lin, Charles Perine, Marco Balduzzi, Ryan Flores, Rainer Vosseler",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-214/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-214/"
+ },
+ {
+ "url": "https://www.moxa.com/en/support/support/security-advisory/mgate-5105-mb-eip-series-protocol-gateways-vulnerability",
+ "refsource": "MISC",
+ "name": "https://www.moxa.com/en/support/support/security-advisory/mgate-5105-mb-eip-series-protocol-gateways-vulnerability"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8859.json b/2020/8xxx/CVE-2020-8859.json
new file mode 100644
index 00000000000..8f1b5421efe
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8859.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8859",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8860.json b/2020/8xxx/CVE-2020-8860.json
new file mode 100644
index 00000000000..16e3ce056e6
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8860.json
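Review bot: In the CVE-2020-8858 record, `"version_value": "firmware version 4.1"` puts descriptive prose into a field that the Foxit records in this commit fill with a bare version string such as `9.7.0.29455`. Tooling that compares `version_value` with a device's reported firmware version is unlikely to match a value carrying the `firmware version` prefix, which matters for an authenticated command-injection issue scored `AV:N` on a protocol gateway. The field would be easier to consume as `"version_value": "4.1"`, with the word "firmware" left to the description text, where it already appears.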
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8861.json b/2020/8xxx/CVE-2020-8861.json new file mode 100644 index 00000000000..b33fe8067af --- /dev/null +++ b/2020/8xxx/CVE-2020-8861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8862.json b/2020/8xxx/CVE-2020-8862.json new file mode 100644 index 00000000000..cc3a0f9535d --- /dev/null +++ b/2020/8xxx/CVE-2020-8862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8863.json b/2020/8xxx/CVE-2020-8863.json new file mode 100644 index 00000000000..e266875d6f1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8864.json b/2020/8xxx/CVE-2020-8864.json new file mode 100644 index 00000000000..90f453d8b6b --- /dev/null +++ b/2020/8xxx/CVE-2020-8864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8865.json b/2020/8xxx/CVE-2020-8865.json new file mode 100644 index 00000000000..fc5f5e17eff --- /dev/null +++ b/2020/8xxx/CVE-2020-8865.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8866.json b/2020/8xxx/CVE-2020-8866.json new file mode 100644 index 00000000000..e97fe753302 --- /dev/null +++ b/2020/8xxx/CVE-2020-8866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8867.json b/2020/8xxx/CVE-2020-8867.json new file mode 100644 index 00000000000..d80ca3c5d01 --- /dev/null +++ b/2020/8xxx/CVE-2020-8867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8868.json b/2020/8xxx/CVE-2020-8868.json new file mode 100644 index 00000000000..0b2eb9b3dab --- /dev/null +++ b/2020/8xxx/CVE-2020-8868.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8869.json b/2020/8xxx/CVE-2020-8869.json new file mode 100644 index 00000000000..92f06a2f6c1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8870.json b/2020/8xxx/CVE-2020-8870.json new file mode 100644 index 00000000000..98d1604e458 --- /dev/null +++ b/2020/8xxx/CVE-2020-8870.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8871.json b/2020/8xxx/CVE-2020-8871.json new file mode 100644 index 00000000000..caa687643a9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8872.json b/2020/8xxx/CVE-2020-8872.json new file mode 100644 index 00000000000..b65a22a5e05 --- /dev/null +++ b/2020/8xxx/CVE-2020-8872.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8873.json b/2020/8xxx/CVE-2020-8873.json new file mode 100644 index 00000000000..b1fe46ee7ef --- /dev/null +++ b/2020/8xxx/CVE-2020-8873.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8874.json b/2020/8xxx/CVE-2020-8874.json new file mode 100644 index 00000000000..64d7809c10b --- /dev/null +++ b/2020/8xxx/CVE-2020-8874.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8874", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8875.json b/2020/8xxx/CVE-2020-8875.json new file mode 100644 index 00000000000..79b22e62b84 --- /dev/null +++ b/2020/8xxx/CVE-2020-8875.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8876.json b/2020/8xxx/CVE-2020-8876.json new file mode 100644 index 00000000000..3a5dbf08284 --- /dev/null +++ b/2020/8xxx/CVE-2020-8876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8877.json b/2020/8xxx/CVE-2020-8877.json new file mode 100644 index 00000000000..ed09e228ce8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8877.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8877", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8878.json b/2020/8xxx/CVE-2020-8878.json new file mode 100644 index 00000000000..c7e3a9c38de --- /dev/null +++ b/2020/8xxx/CVE-2020-8878.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8878", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8879.json b/2020/8xxx/CVE-2020-8879.json new file mode 100644 index 00000000000..4dcdc5bbd3a --- /dev/null +++ b/2020/8xxx/CVE-2020-8879.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8879", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8880.json b/2020/8xxx/CVE-2020-8880.json new file mode 100644 index 00000000000..27c7173f5fc --- /dev/null +++ b/2020/8xxx/CVE-2020-8880.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8880", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8881.json b/2020/8xxx/CVE-2020-8881.json new file mode 100644 index 00000000000..84764548c18 --- /dev/null +++ b/2020/8xxx/CVE-2020-8881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8882.json b/2020/8xxx/CVE-2020-8882.json new file mode 100644 index 00000000000..9d7e024ab64 --- /dev/null +++ b/2020/8xxx/CVE-2020-8882.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8883.json b/2020/8xxx/CVE-2020-8883.json new file mode 100644 index 00000000000..a2a47ec81c5 --- /dev/null +++ b/2020/8xxx/CVE-2020-8883.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8883", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8884.json b/2020/8xxx/CVE-2020-8884.json new file mode 100644 index 00000000000..5cf92605e79 --- /dev/null +++ b/2020/8xxx/CVE-2020-8884.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8884", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8885.json b/2020/8xxx/CVE-2020-8885.json new file mode 100644 index 00000000000..19403fd8679 --- /dev/null +++ b/2020/8xxx/CVE-2020-8885.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8885", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8886.json b/2020/8xxx/CVE-2020-8886.json new file mode 100644 index 00000000000..2b79a74951d --- /dev/null +++ b/2020/8xxx/CVE-2020-8886.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8886", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8887.json b/2020/8xxx/CVE-2020-8887.json new file mode 100644 index 00000000000..25c5f9a4909 --- /dev/null +++ b/2020/8xxx/CVE-2020-8887.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8888.json b/2020/8xxx/CVE-2020-8888.json new file mode 100644 index 00000000000..19460ad7e42 --- /dev/null +++ b/2020/8xxx/CVE-2020-8888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8889.json b/2020/8xxx/CVE-2020-8889.json new file mode 100644 index 00000000000..1e957e171ae --- /dev/null +++ b/2020/8xxx/CVE-2020-8889.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8889", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8890.json b/2020/8xxx/CVE-2020-8890.json new file mode 100644 index 00000000000..dcb84060887 --- /dev/null +++ b/2020/8xxx/CVE-2020-8890.json 
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8890",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8891.json b/2020/8xxx/CVE-2020-8891.json
new file mode 100644
index 00000000000..59b9bb6f491
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8891.json
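Review bot: The `affects` block in this record gives `"n/a"` for `product_name`, `vendor_name` and `version_value`, although the description names the product and the fixed release ("MISP before 2.4.121"); the records added for CVE-2020-8891, -8892, -8893 and -8894 do the same. Tooling that matches on the structured fields will not associate these entries with MISP, so inventory matching has to fall back to parsing the description text. Carrying the values the description already states, e.g. `"product_name": "MISP"` and `"version_value": "before 2.4.121"`, would make the records machine-matchable. The vendor name is not stated anywhere in the record and would need confirming before it is filled in.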
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8891",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8892.json b/2020/8xxx/CVE-2020-8892.json
new file mode 100644
index 00000000000..54334afbdd2
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8892.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8892",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8893.json b/2020/8xxx/CVE-2020-8893.json
new file mode 100644
index 00000000000..39ec9f380f3
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8893.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8893",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/commit/3d982d92fd26584115c01f8c560a688d1096b65c",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/3d982d92fd26584115c01f8c560a688d1096b65c"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8894.json b/2020/8xxx/CVE-2020-8894.json
new file mode 100644
index 00000000000..55e376a1eaa
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8894.json
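Review bot: The description here says only that the search string was "incorrectly sanitized" in `app/View/Galaxies/view.ctp`, and `problemtype` is left at `"n/a"`, so the record never states what the flaw allows. The record for CVE-2020-8894 has the same gap: ACLs "were mishandled", with no indication of which access was wrongly granted. Anyone triaging these two entries has to read the referenced commits to judge impact and priority. A `problemtype` value naming the weakness class would close that gap. For a sanitization flaw in a view template that is presumably an output-encoding issue, but the commit should confirm it before a label such as `CWE-79` is entered.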
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8894",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121"
+ },
+ {
+ "url": "https://github.com/MISP/MISP/commit/9400b8bc8699435d84508e598aca98a31affd77c",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/9400b8bc8699435d84508e598aca98a31affd77c"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8895.json b/2020/8xxx/CVE-2020-8895.json
new file mode 100644
index 00000000000..e3d9f7ae066
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8895.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8895",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8896.json b/2020/8xxx/CVE-2020-8896.json new file mode 100644 index 00000000000..85f0ade4b00 --- /dev/null +++ b/2020/8xxx/CVE-2020-8896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8897.json b/2020/8xxx/CVE-2020-8897.json new file mode 100644 index 00000000000..e7c65049bce --- /dev/null +++ b/2020/8xxx/CVE-2020-8897.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8898.json b/2020/8xxx/CVE-2020-8898.json new file mode 100644 index 00000000000..cba6ab36862 --- /dev/null +++ b/2020/8xxx/CVE-2020-8898.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8899.json b/2020/8xxx/CVE-2020-8899.json new file mode 100644 index 00000000000..664c909e8c3 --- /dev/null +++ b/2020/8xxx/CVE-2020-8899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8900.json b/2020/8xxx/CVE-2020-8900.json new file mode 100644 index 00000000000..90fb2694e92 --- /dev/null +++ b/2020/8xxx/CVE-2020-8900.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8901.json b/2020/8xxx/CVE-2020-8901.json new file mode 100644 index 00000000000..14ea579b227 --- /dev/null +++ b/2020/8xxx/CVE-2020-8901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8902.json b/2020/8xxx/CVE-2020-8902.json new file mode 100644 index 00000000000..6a12387599e --- /dev/null +++ b/2020/8xxx/CVE-2020-8902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8903.json b/2020/8xxx/CVE-2020-8903.json new file mode 100644 index 00000000000..bd74d38d22a --- /dev/null +++ b/2020/8xxx/CVE-2020-8903.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8904.json b/2020/8xxx/CVE-2020-8904.json new file mode 100644 index 00000000000..2d62a0c8740 --- /dev/null +++ b/2020/8xxx/CVE-2020-8904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8905.json b/2020/8xxx/CVE-2020-8905.json new file mode 100644 index 00000000000..6c5ecc74ecb --- /dev/null +++ b/2020/8xxx/CVE-2020-8905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8906.json b/2020/8xxx/CVE-2020-8906.json new file mode 100644 index 00000000000..5f104bee5c6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8907.json b/2020/8xxx/CVE-2020-8907.json new file mode 100644 index 00000000000..b070252c1a2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8908.json b/2020/8xxx/CVE-2020-8908.json new file mode 100644 index 00000000000..4b97dc034dd --- /dev/null +++ b/2020/8xxx/CVE-2020-8908.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8909.json b/2020/8xxx/CVE-2020-8909.json new file mode 100644 index 00000000000..68e044b7aa1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8910.json b/2020/8xxx/CVE-2020-8910.json new file mode 100644 index 00000000000..401649dfacc --- /dev/null +++ b/2020/8xxx/CVE-2020-8910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8911.json b/2020/8xxx/CVE-2020-8911.json new file mode 100644 index 00000000000..f050046ff08 --- /dev/null +++ b/2020/8xxx/CVE-2020-8911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8912.json b/2020/8xxx/CVE-2020-8912.json new file mode 100644 index 00000000000..dcdc4ef1106 --- /dev/null +++ b/2020/8xxx/CVE-2020-8912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8913.json b/2020/8xxx/CVE-2020-8913.json new file mode 100644 index 00000000000..6bc3c771516 --- /dev/null +++ b/2020/8xxx/CVE-2020-8913.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8914.json b/2020/8xxx/CVE-2020-8914.json new file mode 100644 index 00000000000..0747aeea176 --- /dev/null +++ b/2020/8xxx/CVE-2020-8914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8915.json b/2020/8xxx/CVE-2020-8915.json new file mode 100644 index 00000000000..a64f2c4ba08 --- /dev/null +++ b/2020/8xxx/CVE-2020-8915.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8916.json b/2020/8xxx/CVE-2020-8916.json new file mode 100644 index 00000000000..1e2a0cd75f2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8917.json b/2020/8xxx/CVE-2020-8917.json new file mode 100644 index 00000000000..dcd13c03003 --- /dev/null +++ b/2020/8xxx/CVE-2020-8917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8918.json b/2020/8xxx/CVE-2020-8918.json new file mode 100644 index 00000000000..1ebeaa81466 --- /dev/null +++ b/2020/8xxx/CVE-2020-8918.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8919.json b/2020/8xxx/CVE-2020-8919.json new file mode 100644 index 00000000000..9b9c0b6b010 --- /dev/null +++ b/2020/8xxx/CVE-2020-8919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8920.json b/2020/8xxx/CVE-2020-8920.json new file mode 100644 index 00000000000..86f4a6226d3 --- /dev/null +++ b/2020/8xxx/CVE-2020-8920.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8921.json b/2020/8xxx/CVE-2020-8921.json new file mode 100644 index 00000000000..549957bcf5d --- /dev/null +++ b/2020/8xxx/CVE-2020-8921.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8921", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8922.json b/2020/8xxx/CVE-2020-8922.json new file mode 100644 index 00000000000..7d57c61d93a --- /dev/null +++ b/2020/8xxx/CVE-2020-8922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8923.json b/2020/8xxx/CVE-2020-8923.json new file mode 100644 index 00000000000..9f8c2378064 --- /dev/null +++ b/2020/8xxx/CVE-2020-8923.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8924.json b/2020/8xxx/CVE-2020-8924.json new file mode 100644 index 00000000000..0275fbb58c0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8925.json b/2020/8xxx/CVE-2020-8925.json new file mode 100644 index 00000000000..9288c37dfcc --- /dev/null +++ b/2020/8xxx/CVE-2020-8925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8926.json b/2020/8xxx/CVE-2020-8926.json new file mode 100644 index 00000000000..b77c45aea56 --- /dev/null +++ b/2020/8xxx/CVE-2020-8926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8927.json b/2020/8xxx/CVE-2020-8927.json new file mode 100644 index 00000000000..4de7f23a230 --- /dev/null +++ b/2020/8xxx/CVE-2020-8927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8928.json b/2020/8xxx/CVE-2020-8928.json new file mode 100644 index 00000000000..d004592fa82 --- /dev/null +++ b/2020/8xxx/CVE-2020-8928.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8929.json b/2020/8xxx/CVE-2020-8929.json new file mode 100644 index 00000000000..21331dcae2d --- /dev/null +++ b/2020/8xxx/CVE-2020-8929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8930.json b/2020/8xxx/CVE-2020-8930.json new file mode 100644 index 00000000000..25e1a988126 --- /dev/null +++ b/2020/8xxx/CVE-2020-8930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8931.json b/2020/8xxx/CVE-2020-8931.json new file mode 100644 index 00000000000..5bdeff23cdb --- /dev/null +++ b/2020/8xxx/CVE-2020-8931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8932.json b/2020/8xxx/CVE-2020-8932.json new file mode 100644 index 00000000000..321034a8ebf --- /dev/null +++ b/2020/8xxx/CVE-2020-8932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8933.json b/2020/8xxx/CVE-2020-8933.json new file mode 100644 index 00000000000..310cb632dc0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8933.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8934.json b/2020/8xxx/CVE-2020-8934.json new file mode 100644 index 00000000000..f761a39651a --- /dev/null +++ b/2020/8xxx/CVE-2020-8934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8935.json b/2020/8xxx/CVE-2020-8935.json new file mode 100644 index 00000000000..673fcf625fc --- /dev/null +++ b/2020/8xxx/CVE-2020-8935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8936.json b/2020/8xxx/CVE-2020-8936.json new file mode 100644 index 00000000000..b59ce82aa1a --- /dev/null +++ b/2020/8xxx/CVE-2020-8936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8937.json b/2020/8xxx/CVE-2020-8937.json new file mode 100644 index 00000000000..eb6184af370 --- /dev/null +++ b/2020/8xxx/CVE-2020-8937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8938.json b/2020/8xxx/CVE-2020-8938.json new file mode 100644 index 00000000000..41303e64724 --- /dev/null +++ b/2020/8xxx/CVE-2020-8938.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8939.json b/2020/8xxx/CVE-2020-8939.json new file mode 100644 index 00000000000..ade1a7cef3e --- /dev/null +++ b/2020/8xxx/CVE-2020-8939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8940.json b/2020/8xxx/CVE-2020-8940.json new file mode 100644 index 00000000000..a8e75bfb75f --- /dev/null +++ b/2020/8xxx/CVE-2020-8940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8941.json b/2020/8xxx/CVE-2020-8941.json new file mode 100644 index 00000000000..9d17dbf486e --- /dev/null +++ b/2020/8xxx/CVE-2020-8941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8942.json b/2020/8xxx/CVE-2020-8942.json new file mode 100644 index 00000000000..8c9f4923b8b --- /dev/null +++ b/2020/8xxx/CVE-2020-8942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8943.json b/2020/8xxx/CVE-2020-8943.json new file mode 100644 index 00000000000..563d6c4afa0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8943.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8944.json b/2020/8xxx/CVE-2020-8944.json new file mode 100644 index 00000000000..ed47439f53d --- /dev/null +++ b/2020/8xxx/CVE-2020-8944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8945.json b/2020/8xxx/CVE-2020-8945.json new file mode 100644 index 00000000000..07d8571f698 --- /dev/null +++ b/2020/8xxx/CVE-2020-8945.json 
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8945",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/proglottis/gpgme/pull/23",
+ "refsource": "MISC",
+ "name": "https://github.com/proglottis/gpgme/pull/23"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838"
+ },
+ {
+ "url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1",
+ "refsource": "MISC",
+ "name": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1"
+ },
+ {
+ "url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1",
+ "refsource": "MISC",
+ "name": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8946.json b/2020/8xxx/CVE-2020-8946.json
new file mode 100644
index 00000000000..94914b2154a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8946.json
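Review bot: The `affects` block of CVE-2020-8945.json leaves `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description and the first reference name the product and the fixed release (the proglottis wrapper for GPGME, before 0.1.1). Tooling that matches advisories on the structured fields will therefore not tie this record to the library. `problemtype` is also `"n/a"` even though the description states a use-after-free. Suggest filling these from the description, e.g. `"vendor_name": "proglottis"`, `"product_name": "gpgme"`, `"version_value": "before 0.1.1"`, and a problemtype `"value": "CWE-416 Use After Free"`. The same gap is present in the other PUBLIC records added here (CVE-2020-8946, -8947, -8949, -8950, -8953, -8955, -8962 and -8963).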
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8946",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/02/netis-authenticated-rce-on-wf2471.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/02/netis-authenticated-rce-on-wf2471.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8947.json b/2020/8xxx/CVE-2020-8947.json
new file mode 100644
index 00000000000..6434ca572e7
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8947.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8947",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://engindemirbilek.github.io/pandorafms-rce",
+ "refsource": "MISC",
+ "name": "https://engindemirbilek.github.io/pandorafms-rce"
+ },
+ {
+ "url": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/pandorafms-rce.html",
+ "refsource": "MISC",
+ "name": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/pandorafms-rce.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156326/Pandora-FMS-7.0-Authenticated-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156326/Pandora-FMS-7.0-Authenticated-Remote-Code-Execution.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8948.json b/2020/8xxx/CVE-2020-8948.json
new file mode 100644
index 00000000000..13ee4821a5c
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8948.json
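Review bot: The description in CVE-2020-8947.json says "remote attackers" with no mention of authentication, while the title of the third reference reads "Pandora-FMS-7.0-Authenticated-Remote-Code-Execution". If a login is in fact required, the description overstates exposure and will skew severity triage. Suggest confirming against the linked write-up and, if so, wording it as `allows remote authenticated attackers to execute arbitrary OS commands`. That third reference is also the only one in the record given over plain `http://`; an `https://` form would match the others if the site serves it.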
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8948",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8949.json b/2020/8xxx/CVE-2020-8949.json
new file mode 100644
index 00000000000..a41d515c358
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8949.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8949",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/02/gocloud-rce-in-gocloud-routers.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/02/gocloud-rce-in-gocloud-routers.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8950.json b/2020/8xxx/CVE-2020-8950.json
new file mode 100644
index 00000000000..507dece607a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8950.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8950",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\\AMD\\PPC\\upload and then creating a symbolic link in %PROGRAMDATA%\\AMD\\PPC\\temp that points to an arbitrary folder with an arbitrary file name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://heynowyouseeme.blogspot.com/2020/02/privilege-escalation-filewrite-eop-in.html",
+ "refsource": "MISC",
+ "name": "https://heynowyouseeme.blogspot.com/2020/02/privilege-escalation-filewrite-eop-in.html"
+ },
+ {
+ "url": "https://heynowyouseeme.blogspot.com/2020/02/another-privilege-escalation-filewrite.html",
+ "refsource": "MISC",
+ "name": "https://heynowyouseeme.blogspot.com/2020/02/another-privilege-escalation-filewrite.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8951.json b/2020/8xxx/CVE-2020-8951.json
new file mode 100644
index 00000000000..b8859f5a19f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8951.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8952.json b/2020/8xxx/CVE-2020-8952.json new file mode 100644 index 00000000000..0fb882b2e60 --- /dev/null +++ b/2020/8xxx/CVE-2020-8952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8953.json b/2020/8xxx/CVE-2020-8953.json new file mode 100644 index 00000000000..0d413319b4d --- /dev/null +++ b/2020/8xxx/CVE-2020-8953.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8953",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://openvpn.net/security-advisories/",
+ "url": "https://openvpn.net/security-advisories/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8954.json b/2020/8xxx/CVE-2020-8954.json
new file mode 100644
index 00000000000..ee305e0d289
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8954.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8954",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8955.json b/2020/8xxx/CVE-2020-8955.json
new file mode 100644
index 00000000000..b38fd71ab39
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8955.json
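Review bot: The only reference in CVE-2020-8953.json, tagged `CONFIRM`, is the vendor's advisory index `https://openvpn.net/security-advisories/` rather than a page specific to this issue. An index page changes as advisories are added, so a reader may later be unable to confirm the affected range "2.8.x before 2.8.1" or the two-factor exception from it. Suggest adding the advisory entry or release notes for 2.8.1 as a second `reference_data` item once its URL is known (placeholder: `<URL of the 2.8.1 advisory>`), and keeping the index link as a fallback.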
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8955",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://weechat.org/doc/security/",
+ "refsource": "MISC",
+ "name": "https://weechat.org/doc/security/"
+ },
+ {
+ "url": "https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da",
+ "refsource": "MISC",
+ "name": "https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8956.json b/2020/8xxx/CVE-2020-8956.json
new file mode 100644
index 00000000000..1e2272486ba
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8956.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8957.json b/2020/8xxx/CVE-2020-8957.json new file mode 100644 index 00000000000..ada636290bc --- /dev/null +++ b/2020/8xxx/CVE-2020-8957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8958.json b/2020/8xxx/CVE-2020-8958.json new file mode 100644 index 00000000000..b7693eb5a9d --- /dev/null +++ b/2020/8xxx/CVE-2020-8958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/8xxx/CVE-2020-8959.json b/2020/8xxx/CVE-2020-8959.json new file mode 100644 index 00000000000..c96caafa281 --- /dev/null +++ b/2020/8xxx/CVE-2020-8959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8960.json b/2020/8xxx/CVE-2020-8960.json new file mode 100644 index 00000000000..7af50fbd0d1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8961.json b/2020/8xxx/CVE-2020-8961.json new file mode 100644 index 00000000000..1c226f30664 --- /dev/null +++ b/2020/8xxx/CVE-2020-8961.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8961",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8962.json b/2020/8xxx/CVE-2020-8962.json
new file mode 100644
index 00000000000..cce556cf957
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8962.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8962",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://ctrsec.io/index.php/2020/02/12/cve-2020-8962-d-link-dir-842-stack-based-buffer-overflow/",
+ "refsource": "MISC",
+ "name": "https://ctrsec.io/index.php/2020/02/12/cve-2020-8962-d-link-dir-842-stack-based-buffer-overflow/"
+ }
+ ]
+ }
+}
\ No newline at end of file
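Review bot: The structured fields of the CVE-2020-8962 record are all placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`, and a `problemtype` value of `"n/a"`) even though the description already names the vendor, model, firmware version and weakness class. Consumers that match on `affects` or `problemtype` instead of free text will not associate this entry with the device, so asset-to-CVE correlation and weakness-class filtering both miss it. Consider populating them from the description, for example `"vendor_name": "D-Link"`, `"product_name": "DIR-842 REVC"` and a problemtype value of `"CWE-121 Stack-based Buffer Overflow"`. The same applies to the other PUBLIC records added in this diff: CVE-2020-8963, -8964, -8981, -8988, -8989, -8991, -8992, -8996 and -8997.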
diff --git a/2020/8xxx/CVE-2020-8963.json b/2020/8xxx/CVE-2020-8963.json
new file mode 100644
index 00000000000..714468b7d3d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8963.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8963",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8964.json b/2020/8xxx/CVE-2020-8964.json
new file mode 100644
index 00000000000..6daf4655896
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8964.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8964",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a \"hardcoded cookie.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/02/timetools-sr-sc-series-network-time.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8965.json b/2020/8xxx/CVE-2020-8965.json
new file mode 100644
index 00000000000..41662118441
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8965.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8965",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8966.json b/2020/8xxx/CVE-2020-8966.json
new file mode 100644
index 00000000000..3bee27d713b
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8966.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8966",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8967.json b/2020/8xxx/CVE-2020-8967.json
new file mode 100644
index 00000000000..24e2f90fa60
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8967.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8967",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8968.json b/2020/8xxx/CVE-2020-8968.json
new file mode 100644
index 00000000000..f565af22c6f
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8968.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8968",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8969.json b/2020/8xxx/CVE-2020-8969.json
new file mode 100644
index 00000000000..7bd583f4122
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8969.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8969",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8970.json b/2020/8xxx/CVE-2020-8970.json
new file mode 100644
index 00000000000..387e0464089
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8970.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8970",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8971.json b/2020/8xxx/CVE-2020-8971.json
new file mode 100644
index 00000000000..beaaec92d71
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8971.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8971",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8972.json b/2020/8xxx/CVE-2020-8972.json
new file mode 100644
index 00000000000..724e24ae876
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8972.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8972",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8973.json b/2020/8xxx/CVE-2020-8973.json
new file mode 100644
index 00000000000..21b8835c013
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8973.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8973",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8974.json b/2020/8xxx/CVE-2020-8974.json
new file mode 100644
index 00000000000..175095a8556
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8974.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8974",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8975.json b/2020/8xxx/CVE-2020-8975.json
new file mode 100644
index 00000000000..b0ea3d8c43a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8975.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8975",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8976.json b/2020/8xxx/CVE-2020-8976.json
new file mode 100644
index 00000000000..64bc5842cb9
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8976.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8976",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8977.json b/2020/8xxx/CVE-2020-8977.json
new file mode 100644
index 00000000000..c3e5e3d0ac4
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8977.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8977",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8978.json b/2020/8xxx/CVE-2020-8978.json
new file mode 100644
index 00000000000..c73d39b0aaa
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8978.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8978",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8979.json b/2020/8xxx/CVE-2020-8979.json
new file mode 100644
index 00000000000..b9e21ae103d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8979.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8979",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8980.json b/2020/8xxx/CVE-2020-8980.json
new file mode 100644
index 00000000000..9a20ed6f059
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8980.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8980",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8981.json b/2020/8xxx/CVE-2020-8981.json
new file mode 100644
index 00000000000..f2a78fc38c1
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8981.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8981",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mantisbt-plugins/source-integration/issues/338",
+ "refsource": "MISC",
+ "name": "https://github.com/mantisbt-plugins/source-integration/issues/338"
+ },
+ {
+ "url": "https://github.com/mantisbt-plugins/source-integration/commit/270675c964c675829fe010f9f0830521dc0835f0",
+ "refsource": "MISC",
+ "name": "https://github.com/mantisbt-plugins/source-integration/commit/270675c964c675829fe010f9f0830521dc0835f0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8982.json b/2020/8xxx/CVE-2020-8982.json
new file mode 100644
index 00000000000..fc71a9a7f0b
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8982.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8982",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8983.json b/2020/8xxx/CVE-2020-8983.json
new file mode 100644
index 00000000000..eaeb8110173
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8983.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8984.json b/2020/8xxx/CVE-2020-8984.json
new file mode 100644
index 00000000000..4017f143932
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8984.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8984",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8985.json b/2020/8xxx/CVE-2020-8985.json
new file mode 100644
index 00000000000..a79f27f4b0e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8986.json b/2020/8xxx/CVE-2020-8986.json
new file mode 100644
index 00000000000..a81bdc4733e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8986.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8986",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8987.json b/2020/8xxx/CVE-2020-8987.json
new file mode 100644
index 00000000000..56abf7e430a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8988.json b/2020/8xxx/CVE-2020-8988.json
new file mode 100644
index 00000000000..944703aaa9e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8988.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8988",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf",
+ "refsource": "MISC",
+ "name": "https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf"
+ },
+ {
+ "url": "https://blog.voatz.com/?p=1209",
+ "refsource": "MISC",
+ "name": "https://blog.voatz.com/?p=1209"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8989.json b/2020/8xxx/CVE-2020-8989.json
new file mode 100644
index 00000000000..67e709a3ec5
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8989.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8989",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. For example, a small amount of sniffed data may indicate that a vote was cast for the candidate with the least metadata. An active man-in-the-middle attacker can leverage this behavior to disrupt voters' abilities to vote for a candidate opposed by the attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf",
+ "refsource": "MISC",
+ "name": "https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf"
+ },
+ {
+ "url": "https://blog.voatz.com/?p=1209",
+ "refsource": "MISC",
+ "name": "https://blog.voatz.com/?p=1209"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8990.json b/2020/8xxx/CVE-2020-8990.json
new file mode 100644
index 00000000000..ce221277164
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8990.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8990",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8991.json b/2020/8xxx/CVE-2020-8991.json
new file mode 100644
index 00000000000..2ffb1ba498a
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8991.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8991",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701",
+ "refsource": "MISC",
+ "name": "https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8992.json b/2020/8xxx/CVE-2020-8992.json
new file mode 100644
index 00000000000..6b6c226b32d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8992.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8992",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchwork.ozlabs.org/patch/1236118/",
+ "refsource": "MISC",
+ "name": "https://patchwork.ozlabs.org/patch/1236118/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8993.json b/2020/8xxx/CVE-2020-8993.json
new file mode 100644
index 00000000000..55b6c20f8cd
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8993.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8993",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8994.json b/2020/8xxx/CVE-2020-8994.json
new file mode 100644
index 00000000000..bc6512714cf
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8994.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8994",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8995.json b/2020/8xxx/CVE-2020-8995.json
new file mode 100644
index 00000000000..3312732f0b4
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8995.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8995",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8996.json b/2020/8xxx/CVE-2020-8996.json
new file mode 100644
index 00000000000..f6d1ea4a390
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8996.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8996",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/codingdream/anyshare_vul",
+ "refsource": "MISC",
+ "name": "https://github.com/codingdream/anyshare_vul"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8997.json b/2020/8xxx/CVE-2020-8997.json
new file mode 100644
index 00000000000..529073b1542
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8997.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-8997",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Abbott FreeStyle Libre 14-day before February 2020 and FreeStyle Libre 2 before February 2020 allow remote attackers to enable write access via a specific NFC unlock command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.com/zeroday/FG-VD-19-112",
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/zeroday/FG-VD-19-112"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8998.json b/2020/8xxx/CVE-2020-8998.json
new file mode 100644
index 00000000000..16bf560cf1d
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8998.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8998",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8999.json b/2020/8xxx/CVE-2020-8999.json
new file mode 100644
index 00000000000..3964941f13e
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8999.json
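Review bot: The description in CVE-2020-8997.json attributes the issue to "remote attackers" while the only vector it names is an NFC unlock command, and it bounds the affected devices by date ("before February 2020") rather than by a firmware or hardware revision. A reader deriving an attack vector from this text could score it as network-reachable, and a device owner has no identifier to check a sensor or reader against. If the linked advisory supports it, I would state the required proximity, e.g. `allow attackers within NFC range to enable write access`, and name the first fixed revision.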
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8999",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9000.json b/2020/9xxx/CVE-2020-9000.json
new file mode 100644
index 00000000000..9cce7b5aff9
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9000.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9000",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9001.json b/2020/9xxx/CVE-2020-9001.json
new file mode 100644
index 00000000000..8397b214e78
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9001.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9001",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9002.json b/2020/9xxx/CVE-2020-9002.json
new file mode 100644
index 00000000000..5e327e593da
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9002.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9002",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9003.json b/2020/9xxx/CVE-2020-9003.json
new file mode 100644
index 00000000000..ee0f646eb6d
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9003.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9003",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9004.json b/2020/9xxx/CVE-2020-9004.json
new file mode 100644
index 00000000000..a4ecb52a908
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9004.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9004",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9005.json b/2020/9xxx/CVE-2020-9005.json
new file mode 100644
index 00000000000..b8b78f03ec4
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9005.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9005",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/bi7s/CVE/blob/master/CVE-2020-9005/README.md",
+ "url": "https://github.com/bi7s/CVE/blob/master/CVE-2020-9005/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9006.json b/2020/9xxx/CVE-2020-9006.json
new file mode 100644
index 00000000000..7dd97342c65
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9006.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9006",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on Wordpress instances. (This issue has been fixed in the 3.x branch of popup-builder.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/popup-builder/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/popup-builder/#developers"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/2.2.8/files/sg_popup_ajax.php#L69",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/popup-builder/tags/2.2.8/files/sg_popup_ajax.php#L69"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://zeroauth.ltd/blog/2020/02/16/cve-2020-9006-popup-builder-wp-plugin-sql-injection-via-php-deserialization/",
+ "url": "https://zeroauth.ltd/blog/2020/02/16/cve-2020-9006-popup-builder-wp-plugin-sql-injection-via-php-deserialization/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9007.json b/2020/9xxx/CVE-2020-9007.json
new file mode 100644
index 00000000000..31020dc5d6f
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9007.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9007",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Codoforum 4.8.8 allows self-XSS via the title of a new topic."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/matuhn/Research/blob/master/codoforum/readme.md",
+ "refsource": "MISC",
+ "name": "https://github.com/matuhn/Research/blob/master/codoforum/readme.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9008.json b/2020/9xxx/CVE-2020-9008.json
new file mode 100644
index 00000000000..829d1433cb0
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9008.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9008",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9009.json b/2020/9xxx/CVE-2020-9009.json
new file mode 100644
index 00000000000..d81fb1722ca
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9009.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9009",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9010.json b/2020/9xxx/CVE-2020-9010.json
new file mode 100644
index 00000000000..2a648dee21e
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9010.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9010",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9011.json b/2020/9xxx/CVE-2020-9011.json
new file mode 100644
index 00000000000..737c5d19c30
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9011.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9011",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9012.json b/2020/9xxx/CVE-2020-9012.json
new file mode 100644
index 00000000000..faa64975771
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9012.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9012",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.gluu.org/other/7992/reflected-cross-site-scripting-on-import-people/",
+ "refsource": "MISC",
+ "name": "https://support.gluu.org/other/7992/reflected-cross-site-scripting-on-import-people/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9013.json b/2020/9xxx/CVE-2020-9013.json
new file mode 100644
index 00000000000..b36e6e8044d
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9013.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9013",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting
from the HTML source code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://twitter.com/GerardFuguet/status/1228462263188758529",
+ "refsource": "MISC",
+ "name": "https://twitter.com/GerardFuguet/status/1228462263188758529"
+ },
+ {
+ "url": "https://www.youtube.com/watch?v=Ok1UmRFWoLY",
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=Ok1UmRFWoLY"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9014.json b/2020/9xxx/CVE-2020-9014.json
new file mode 100644
index 00000000000..1a6f22ad393
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9014.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9014",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9015.json b/2020/9xxx/CVE-2020-9015.json
new file mode 100644
index 00000000000..79c38bf2eb0
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9015.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9015",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
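Review bot: The description value in CVE-2020-9013.json reads "by deleting" followed directly by "from the HTML source code", so the thing being deleted is missing as the text appears here. This may be markup inside the string that a renderer dropped; if so, any consumer that displays descriptions as HTML will lose it the same way, or interpret it. I would name the element in plain words, e.g. `by deleting the ELEMENT_NAME_PLACEHOLDER element from the HTML source code`, so the sentence survives HTML rendering.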
diff --git a/2020/9xxx/CVE-2020-9016.json b/2020/9xxx/CVE-2020-9016.json
new file mode 100644
index 00000000000..e91439ed425
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9016.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9016",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://code610.blogspot.com/2020/02/this-time-i-tried-to-check-one-of.html",
+ "refsource": "MISC",
+ "name": "https://code610.blogspot.com/2020/02/this-time-i-tried-to-check-one-of.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9017.json b/2020/9xxx/CVE-2020-9017.json
new file mode 100644
index 00000000000..0b52e730d01
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9017.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9017",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9018.json b/2020/9xxx/CVE-2020-9018.json
new file mode 100644
index 00000000000..1d441eb8aa3
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9018.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9018",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9019.json b/2020/9xxx/CVE-2020-9019.json
new file mode 100644
index 00000000000..06adece3450
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9019.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9019",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9020.json b/2020/9xxx/CVE-2020-9020.json
new file mode 100644
index 00000000000..e06cab0dff3
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9020.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9020",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit-os.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit-os.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9021.json b/2020/9xxx/CVE-2020-9021.json
new file mode 100644
index 00000000000..0aa1ce0f348
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9021.json
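Review bot: `problemtype` in CVE-2020-9020.json is `"value": "n/a"` even though the description states the weakness outright (OS command injection via shell metacharacters). Consumers that group or prioritise records by weakness class get nothing from this field; `"value": "CWE-78"` would match what the description says. The other PUBLIC records here have the same gap, e.g. the command-injection entries CVE-2020-9021, CVE-2020-9026 and CVE-2020-9027, the traversal entries CVE-2020-8996, CVE-2020-9029 and CVE-2020-9030, and the XSS entries.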
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9021",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9022.json b/2020/9xxx/CVE-2020-9022.json
new file mode 100644
index 00000000000..468a18ae1b3
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9022.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9022",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/xirrus-xirrus-wifi-xss.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/xirrus-xirrus-wifi-xss.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9023.json b/2020/9xxx/CVE-2020-9023.json
new file mode 100644
index 00000000000..7de5a744224
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9023.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9023",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit-no.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit-no.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9024.json b/2020/9xxx/CVE-2020-9024.json
new file mode 100644
index 00000000000..bbfada9f861
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9024.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9024",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9025.json b/2020/9xxx/CVE-2020-9025.json
new file mode 100644
index 00000000000..38d4603c358
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9025.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9025",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit_26.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit_26.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9026.json b/2020/9xxx/CVE-2020-9026.json
new file mode 100644
index 00000000000..35cdbd6fe98
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9026.json
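Review bot: The affected-version lists for Iteris Vantage Velocity Field Unit differ across the records added together here: CVE-2020-9020 names 2.3.1, 2.4.2, and 3.0, CVE-2020-9023 and CVE-2020-9024 name 2.3.1 and 2.4.2, and CVE-2020-9025.json names only 2.4.2. That may reflect what was tested rather than what is affected, and since `version_value` is `n/a` the description is the only place an operator can read the scope from. It is worth confirming against the referenced write-ups; if the other versions are simply untested, wording such as `2.4.2 and possibly other versions` avoids implying that 2.3.1 or 3.0 is unaffected.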
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9026",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/eltex-devices-ntp-rg-1402g-ntp-2-os.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/eltex-devices-ntp-rg-1402g-ntp-2-os.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9027.json b/2020/9xxx/CVE-2020-9027.json
new file mode 100644
index 00000000000..ea1f3e592ce
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9027.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9027",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/eltex-devices-ntp-rg-1402g-ntp-2-os.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/eltex-devices-ntp-rg-1402g-ntp-2-os.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9028.json b/2020/9xxx/CVE-2020-9028.json
new file mode 100644
index 00000000000..7789c93f75a
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9028.json
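Review bot: The description in CVE-2020-9027.json is identical to the one in CVE-2020-9026.json except for the field name (TRACE instead of PING); both give `ping.cmd` as the resource and both cite the same URL. It is worth checking against the reference whether the TRACE field really belongs to `ping.cmd` or whether the resource name was carried over from the previous record. If both fields are handled by the same resource, a short cross-reference between the two IDs in each description would help anyone deduplicating scanner findings.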
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9028",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the \"User Creation, Deletion and Password Maintenance\" screen (when creating a new user)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_95.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_95.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9029.json b/2020/9xxx/CVE-2020-9029.json
new file mode 100644
index 00000000000..6a7252e5b85
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9029.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9029",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9030.json b/2020/9xxx/CVE-2020-9030.json
new file mode 100644
index 00000000000..0da66b69c5b
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9030.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9030",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9031.json b/2020/9xxx/CVE-2020-9031.json
new file mode 100644
index 00000000000..5d418943a2f
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9031.json
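Review bot: The description in the CVE-2020-9030 record reads `to the syslog.php`, with an article that the sibling records for messagelog.php, daemonlog.php, kernlog.php and authlog.php do not have. For consistent wording and easier text matching across the five records I would write `via the FileName parameter to syslog.php.`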
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9031",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9032.json b/2020/9xxx/CVE-2020-9032.json
new file mode 100644
index 00000000000..13ff208def7
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9032.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9032",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9033.json b/2020/9xxx/CVE-2020-9033.json
new file mode 100644
index 00000000000..a119f2b2ca0
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9033.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9033",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9034.json b/2020/9xxx/CVE-2020-9034.json
new file mode 100644
index 00000000000..4b5dc7e5ccb
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9034.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9034",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_27.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_27.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9035.json b/2020/9xxx/CVE-2020-9035.json
new file mode 100644
index 00000000000..6f4478fa3ad
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9035.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9035",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9036.json b/2020/9xxx/CVE-2020-9036.json
new file mode 100644
index 00000000000..ed057146993
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9036.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9036",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9037.json b/2020/9xxx/CVE-2020-9037.json
new file mode 100644
index 00000000000..872a6d70a56
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9037.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9037",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file