diff --git a/2020/5xxx/CVE-2020-5638.json b/2020/5xxx/CVE-2020-5638.json index 0b3403151c2..f705b9173a1 100644 --- a/2020/5xxx/CVE-2020-5638.json +++ b/2020/5xxx/CVE-2020-5638.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEOJAPAN Inc.", + "product": { + "product_data": [ + { + "product_name": "desknet's NEO", + "version": { + "version_data": [ + { + "version_value": "desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.desknets.com/neo/support/mainte/9700/" + }, + { + "url": "https://jvn.jp/en/jp/JVN42199826/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors." } ] } diff --git a/2020/5xxx/CVE-2020-5676.json b/2020/5xxx/CVE-2020-5676.json index 2276e25cc0f..0773ebea410 100644 --- a/2020/5xxx/CVE-2020-5676.json +++ b/2020/5xxx/CVE-2020-5676.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WESEEK, Inc.", + "product": { + "product_data": [ + { + "product_name": "GROWI", + "version": { + "version_data": [ + { + "version_value": "v4.1.3 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/weseek/growi" + }, + { + "url": "https://hub.docker.com/r/weseek/growi/" + }, + { + "url": "https://jvn.jp/en/jp/JVN56450373/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors." } ] } diff --git a/2020/5xxx/CVE-2020-5677.json b/2020/5xxx/CVE-2020-5677.json index 29df2b72726..0241b3d0a70 100644 --- a/2020/5xxx/CVE-2020-5677.json +++ b/2020/5xxx/CVE-2020-5677.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WESEEK, Inc.", + "product": { + "product_data": [ + { + "product_name": "GROWI", + "version": { + "version_data": [ + { + "version_value": "v4.0.0 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/weseek/growi" + }, + { + "url": "https://hub.docker.com/r/weseek/growi/" + }, + { + "url": "https://jvn.jp/en/jp/JVN56450373/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors." } ] } diff --git a/2020/5xxx/CVE-2020-5678.json b/2020/5xxx/CVE-2020-5678.json index 33a6977bacb..22e381703c6 100644 --- a/2020/5xxx/CVE-2020-5678.json +++ b/2020/5xxx/CVE-2020-5678.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WESEEK, Inc.", + "product": { + "product_data": [ + { + "product_name": "GROWI", + "version": { + "version_data": [ + { + "version_value": "v3.8.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/weseek/growi" + }, + { + "url": "https://hub.docker.com/r/weseek/growi/" + }, + { + "url": "https://jvn.jp/en/jp/JVN56450373/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors." } ] } diff --git a/2020/5xxx/CVE-2020-5679.json b/2020/5xxx/CVE-2020-5679.json index 25eb1956945..d4d885e7dc3 100644 --- a/2020/5xxx/CVE-2020-5679.json +++ b/2020/5xxx/CVE-2020-5679.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EC-CUBE CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "EC-CUBE", + "version": { + "version_data": [ + { + "version_value": "versions from 3.0.0 to 3.0.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Rendered UI Layers or Frames" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ec-cube.net/info/weakness/" + }, + { + "url": "https://jvn.jp/en/jp/JVN24457594/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted." } ] } diff --git a/2020/5xxx/CVE-2020-5680.json b/2020/5xxx/CVE-2020-5680.json index 94e4d82db16..2e71316f1e0 100644 --- a/2020/5xxx/CVE-2020-5680.json +++ b/2020/5xxx/CVE-2020-5680.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EC-CUBE CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "EC-CUBE", + "version": { + "version_data": [ + { + "version_value": "versions from 3.0.5 to 3.0.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ec-cube.net/info/weakness/" + }, + { + "url": "https://jvn.jp/en/jp/JVN24457594/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector." } ] }