diff --git a/2017/12xxx/CVE-2017-12481.json b/2017/12xxx/CVE-2017-12481.json
index 2ac94c01e7d..eef42d0c612 100644
--- a/2017/12xxx/CVE-2017-12481.json
+++ b/2017/12xxx/CVE-2017-12481.json
@@ -66,6 +66,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1895",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-05",
+ "url": "https://security.gentoo.org/glsa/202004-05"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12482.json b/2017/12xxx/CVE-2017-12482.json
index ed5a21c0f19..edfa3053397 100644
--- a/2017/12xxx/CVE-2017-12482.json
+++ b/2017/12xxx/CVE-2017-12482.json
@@ -66,6 +66,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1895",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-05",
+ "url": "https://security.gentoo.org/glsa/202004-05"
 }
 ]
 }
diff --git a/2017/2xxx/CVE-2017-2807.json b/2017/2xxx/CVE-2017-2807.json
index cf2bb80843f..b170b513163 100644
--- a/2017/2xxx/CVE-2017-2807.json
+++ b/2017/2xxx/CVE-2017-2807.json
@@ -72,6 +72,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1895",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-05",
+ "url": "https://security.gentoo.org/glsa/202004-05"
 }
 ]
 }
diff --git a/2017/2xxx/CVE-2017-2808.json b/2017/2xxx/CVE-2017-2808.json
index 278ec8729bf..028a8231760 100644
--- a/2017/2xxx/CVE-2017-2808.json
+++ b/2017/2xxx/CVE-2017-2808.json
@@ -72,6 +72,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1895",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-05",
+ "url": "https://security.gentoo.org/glsa/202004-05"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11802.json b/2018/11xxx/CVE-2018-11802.json
index 9fa6dbe5873..54bef538a88 100644
--- a/2018/11xxx/CVE-2018-11802.json
+++ b/2018/11xxx/CVE-2018-11802.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-11802",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-11802",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Solr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 7.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authorization bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2019/04/24/1",
+ "url": "https://www.openwall.com/lists/oss-security/2019/04/24/1"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin)."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10216.json b/2019/10xxx/CVE-2019-10216.json
index c5d049d4a09..a64669a9482 100644
--- a/2019/10xxx/CVE-2019-10216.json
+++ b/2019/10xxx/CVE-2019-10216.json
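Review bot: The `problemtype` value added for CVE-2018-11802 is free text (`"Authorization bypass"`) with no CWE identifier, so tooling that groups records by weakness class cannot classify it. The same applies to the new records for CVE-2019-17564 (`"Unsafe deserialization"`), CVE-2020-1958 and CVE-2020-6096 later in this commit, while CVE-2020-6009 already uses the `CWE-89: …` form. Using that form here, for example `"value": "CWE-863: Incorrect Authorization"` (and `"CWE-502: Deserialization of Untrusted Data"` for the Dubbo record), would keep the batch consistent; which CWE applies is the assigner's call.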
@@ -53,6 +53,11 @@
 "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19",
 "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13720.json b/2019/13xxx/CVE-2019-13720.json
index faa8fcc19e1..098a33b2eb8 100644
--- a/2019/13xxx/CVE-2019-13720.json
+++ b/2019/13xxx/CVE-2019-13720.json
@@ -4,7 +4,7 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-13720",
- "ASSIGNER": "security@google.com",
+ "ASSIGNER": "chrome-cve-admin@google.com",
 "STATE": "PUBLIC"
 },
 "affects": {
@@ -59,6 +59,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2664",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-04",
+ "url": "https://security.gentoo.org/glsa/202004-04"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14811.json b/2019/14xxx/CVE-2019-14811.json
index 9826b0bc78b..82b946b16c2 100644
--- a/2019/14xxx/CVE-2019-14811.json
+++ b/2019/14xxx/CVE-2019-14811.json
@@ -98,6 +98,11 @@
 "refsource": "REDHAT",
 "name": "RHBA-2019:2824",
 "url": "https://access.redhat.com/errata/RHBA-2019:2824"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14812.json b/2019/14xxx/CVE-2019-14812.json
index ecee1f1b80d..e9eda688797 100644
--- a/2019/14xxx/CVE-2019-14812.json
+++ b/2019/14xxx/CVE-2019-14812.json
@@ -68,6 +68,11 @@
 "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701444",
 "name": "https://bugs.ghostscript.com/show_bug.cgi?id=701444",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14813.json b/2019/14xxx/CVE-2019-14813.json
index 40830a201b8..b3f07509d3e 100644
--- a/2019/14xxx/CVE-2019-14813.json
+++ b/2019/14xxx/CVE-2019-14813.json
@@ -103,6 +103,11 @@
 "refsource": "REDHAT",
 "name": "RHBA-2019:2824",
 "url": "https://access.redhat.com/errata/RHBA-2019:2824"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14817.json b/2019/14xxx/CVE-2019-14817.json
index 5f6dafd6fc7..38608a27201 100644
--- a/2019/14xxx/CVE-2019-14817.json
+++ b/2019/14xxx/CVE-2019-14817.json
@@ -103,6 +103,11 @@
 "refsource": "REDHAT",
 "name": "RHBA-2019:2824",
 "url": "https://access.redhat.com/errata/RHBA-2019:2824"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17564.json b/2019/17xxx/CVE-2019-17564.json
new file mode 100644
index 00000000000..7ef9af926be
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17564.json
@@ -0,0 +1,68 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-17564",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Dubbo",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.7.0 to 2.7.4"
+ },
+ {
+ "version_value": "2.6.0 to 2.6.7"
+ },
+ {
+ "version_value": "all 2.5.x versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unsafe deserialization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/r13f7a58fa5d61d729e538a378687118e00c3e229903ba1e7b3a807a2%40%3Cdev.dubbo.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r13f7a58fa5d61d729e538a378687118e00c3e229903ba1e7b3a807a2%40%3Cdev.dubbo.apache.org%3E"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2926.json b/2019/2xxx/CVE-2019-2926.json
index d60a2018936..28e62dfb0b3 100644
--- a/2019/2xxx/CVE-2019-2926.json
+++ b/2019/2xxx/CVE-2019-2926.json
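Review bot: The three `version_value` entries in CVE-2019-17564.json are prose ranges (`"2.7.0 to 2.7.4"`, `"2.6.0 to 2.6.7"`, `"all 2.5.x versions"`), which a scanner comparing an installed Dubbo version against the record cannot evaluate without custom parsing. The 4.0 format allows a comparator next to the bound, e.g. `{ "version_affected": "<=", "version_name": "2.7", "version_value": "2.7.4" }`, and that would make each range machine-checkable. CVE-2018-11802 earlier in this commit has the same shape with `"before 7.7"`. The record also names no fixed version, so a reader only learns the upgrade target by following the mailing-list link.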
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2944.json b/2019/2xxx/CVE-2019-2944.json
index bb9b7739b87..9f1cdeb1db6 100644
--- a/2019/2xxx/CVE-2019-2944.json
+++ b/2019/2xxx/CVE-2019-2944.json
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2984.json b/2019/2xxx/CVE-2019-2984.json
index b7ed9a0a571..2e70ff23a71 100644
--- a/2019/2xxx/CVE-2019-2984.json
+++ b/2019/2xxx/CVE-2019-2984.json
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3002.json b/2019/3xxx/CVE-2019-3002.json
index a0bbc1bde86..a0adef94645 100644
--- a/2019/3xxx/CVE-2019-3002.json
+++ b/2019/3xxx/CVE-2019-3002.json
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3005.json b/2019/3xxx/CVE-2019-3005.json
index 11278f35b51..10b9aa6e32e 100644
--- a/2019/3xxx/CVE-2019-3005.json
+++ b/2019/3xxx/CVE-2019-3005.json
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3017.json b/2019/3xxx/CVE-2019-3017.json
index 3aee1768db4..543d31227da 100644
--- a/2019/3xxx/CVE-2019-3017.json
+++ b/2019/3xxx/CVE-2019-3017.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-916/",
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-916/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3021.json b/2019/3xxx/CVE-2019-3021.json
index 7c05166c633..0cda02d9063 100644
--- a/2019/3xxx/CVE-2019-3021.json
+++ b/2019/3xxx/CVE-2019-3021.json
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3026.json b/2019/3xxx/CVE-2019-3026.json
index b0104aff4d5..4de6e252af7 100644
--- a/2019/3xxx/CVE-2019-3026.json
+++ b/2019/3xxx/CVE-2019-3026.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-917/",
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-917/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3028.json b/2019/3xxx/CVE-2019-3028.json
index a699ecd89dd..dcfec998504 100644
--- a/2019/3xxx/CVE-2019-3028.json
+++ b/2019/3xxx/CVE-2019-3028.json
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3031.json b/2019/3xxx/CVE-2019-3031.json
index 4a66985375b..6e13688a830 100644
--- a/2019/3xxx/CVE-2019-3031.json
+++ b/2019/3xxx/CVE-2019-3031.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-918/",
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-918/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3835.json b/2019/3xxx/CVE-2019-3835.json
index 29373b36f20..6a5efe785a8 100644
--- a/2019/3xxx/CVE-2019-3835.json
+++ b/2019/3xxx/CVE-2019-3835.json
@@ -118,6 +118,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2223",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3838.json b/2019/3xxx/CVE-2019-3838.json
index 94038878af6..60da30d5801 100644
--- a/2019/3xxx/CVE-2019-3838.json
+++ b/2019/3xxx/CVE-2019-3838.json
@@ -113,6 +113,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:0971",
 "url": "https://access.redhat.com/errata/RHSA-2019:0971"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6116.json b/2019/6xxx/CVE-2019-6116.json
index c1f951763bb..7d75cb29e9f 100644
--- a/2019/6xxx/CVE-2019-6116.json
+++ b/2019/6xxx/CVE-2019-6116.json
@@ -156,6 +156,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-ebd6c4f15a",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-03",
+ "url": "https://security.gentoo.org/glsa/202004-03"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10174.json b/2020/10xxx/CVE-2020-10174.json
index 060670c6a32..f365a7c8e5e 100644
--- a/2020/10xxx/CVE-2020-10174.json
+++ b/2020/10xxx/CVE-2020-10174.json
@@ -86,6 +86,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-1050d60507",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAOFXT64CEUMJE3723JDJWTEQWQUCYMD/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4312-1",
+ "url": "https://usn.ubuntu.com/4312-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11469.json b/2020/11xxx/CVE-2020-11469.json
new file mode 100644
index 00000000000..802606307f2
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11469.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11469",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11470.json b/2020/11xxx/CVE-2020-11470.json
new file mode 100644
index 00000000000..44cbb506920
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11470.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-11470",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://objective-see.com/blog/blog_0x56.html",
+ "refsource": "MISC",
+ "name": "https://objective-see.com/blog/blog_0x56.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:H/AV:L/A:N/C:L/I:N/PR:H/S:C/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1958.json b/2020/1xxx/CVE-2020-1958.json
index 0ca3266756a..728cbc4a32d 100644
--- a/2020/1xxx/CVE-2020-1958.json
+++ b/2020/1xxx/CVE-2020-1958.json
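Review bot: In CVE-2020-11470.json, `"privilegesRequired": "HIGH"` (PR:H in `vectorString`) does not match the record's own description, which says the crafted library is loaded by a local process "with the user's privileges"; that wording reads as PR:L, and the difference changes the base score, so it is worth confirming with the assigner before anyone prioritises on it. The `cvss` object also carries no `baseScore` or `baseSeverity`, leaving every consumer to recompute them from the vector. Separately, `vendor_name`, `product_name` and `version_value` are all `"n/a"` although the description names Zoom Client for Meetings through 4.6.8 on macOS, so inventory matching on `affects` will not find this record.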
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1958",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Druid",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.17.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthorized access and information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/r9d437371793b410f8a8e18f556d52d4bb68e18c537962f6a97f4945e%40%3Cdev.druid.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r9d437371793b410f8a8e18f556d52d4bb68e18c537962f6a97f4945e%40%3Cdev.druid.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user."
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2674.json b/2020/2xxx/CVE-2020-2674.json
index f8fc5b12ce9..6d7d39bbc52 100644
--- a/2020/2xxx/CVE-2020-2674.json
+++ b/2020/2xxx/CVE-2020-2674.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2678.json b/2020/2xxx/CVE-2020-2678.json
index 3e0f616652a..3e45a0ed62d 100644
--- a/2020/2xxx/CVE-2020-2678.json
+++ b/2020/2xxx/CVE-2020-2678.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2681.json b/2020/2xxx/CVE-2020-2681.json
index 50e0f2372f9..bd6efb78f06 100644
--- a/2020/2xxx/CVE-2020-2681.json
+++ b/2020/2xxx/CVE-2020-2681.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2682.json b/2020/2xxx/CVE-2020-2682.json
index 8b6603a290f..e625f7111a9 100644
--- a/2020/2xxx/CVE-2020-2682.json
+++ b/2020/2xxx/CVE-2020-2682.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2689.json b/2020/2xxx/CVE-2020-2689.json
index 01cce41490b..615eb009322 100644
--- a/2020/2xxx/CVE-2020-2689.json
+++ b/2020/2xxx/CVE-2020-2689.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2690.json b/2020/2xxx/CVE-2020-2690.json
index 5e76bdfaf6f..c97a7f10a9f 100644
--- a/2020/2xxx/CVE-2020-2690.json
+++ b/2020/2xxx/CVE-2020-2690.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2691.json b/2020/2xxx/CVE-2020-2691.json
index d1503764d09..aa2855207d7 100644
--- a/2020/2xxx/CVE-2020-2691.json
+++ b/2020/2xxx/CVE-2020-2691.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2692.json b/2020/2xxx/CVE-2020-2692.json
index f1e3095b41e..ca34ee101b2 100644
--- a/2020/2xxx/CVE-2020-2692.json
+++ b/2020/2xxx/CVE-2020-2692.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2693.json b/2020/2xxx/CVE-2020-2693.json
index 571adcae864..c5eb10feaa6 100644
--- a/2020/2xxx/CVE-2020-2693.json
+++ b/2020/2xxx/CVE-2020-2693.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2698.json b/2020/2xxx/CVE-2020-2698.json
index 9a303fb5979..47f04bfa3d2 100644
--- a/2020/2xxx/CVE-2020-2698.json
+++ b/2020/2xxx/CVE-2020-2698.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2702.json b/2020/2xxx/CVE-2020-2702.json
index 266631db28d..4c53961d839 100644
--- a/2020/2xxx/CVE-2020-2702.json
+++ b/2020/2xxx/CVE-2020-2702.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2703.json b/2020/2xxx/CVE-2020-2703.json
index b113193b940..94b8e6cc9dd 100644
--- a/2020/2xxx/CVE-2020-2703.json
+++ b/2020/2xxx/CVE-2020-2703.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -69,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2704.json b/2020/2xxx/CVE-2020-2704.json
index 7493e95c55c..ae796e885d0 100644
--- a/2020/2xxx/CVE-2020-2704.json
+++ b/2020/2xxx/CVE-2020-2704.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2705.json b/2020/2xxx/CVE-2020-2705.json
index 052f4452c25..e20fb9decac 100644
--- a/2020/2xxx/CVE-2020-2705.json
+++ b/2020/2xxx/CVE-2020-2705.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2725.json b/2020/2xxx/CVE-2020-2725.json
index 84eb6ad2595..4f6efdb93b8 100644
--- a/2020/2xxx/CVE-2020-2725.json
+++ b/2020/2xxx/CVE-2020-2725.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2726.json b/2020/2xxx/CVE-2020-2726.json
index 230907f5995..ad4bc1dbc29 100644
--- a/2020/2xxx/CVE-2020-2726.json
+++ b/2020/2xxx/CVE-2020-2726.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2727.json b/2020/2xxx/CVE-2020-2727.json
index 6ad24100e98..7ad5bfc0941 100644
--- a/2020/2xxx/CVE-2020-2727.json
+++ b/2020/2xxx/CVE-2020-2727.json
@@ -1,4 +1,3 @@
-
 {
 "CVE_data_meta": {
 "ASSIGNER": "secalert_us@oracle.com",
@@ -73,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202004-02",
+ "url": "https://security.gentoo.org/glsa/202004-02"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6009.json b/2020/6xxx/CVE-2020-6009.json
index 9b28520ae0a..2e55c739fbf 100644
--- a/2020/6xxx/CVE-2020-6009.json
+++ b/2020/6xxx/CVE-2020-6009.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6009",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@checkpoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "LearnDash Wordpress Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.1.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://learndash.releasenotes.io/release/YBfaq-version-316",
+ "url": "https://learndash.releasenotes.io/release/YBfaq-version-316"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6096.json b/2020/6xxx/CVE-2020-6096.json
index 9f6697be15e..3d0e1acd4fe 100644
--- a/2020/6xxx/CVE-2020-6096.json
+++ b/2020/6xxx/CVE-2020-6096.json
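Review bot: In CVE-2020-6009.json, `"vendor_name": "n/a"` sits next to a named product (`"LearnDash Wordpress Plugin"`), so vendor-keyed lookups will miss the record; CVE-2020-6096.json in the next file does the same beside `"GNU glibc"`. Filling the vendor in, e.g. `"vendor_name": "LearnDash"` here and `"vendor_name": "GNU"` there, makes both records findable. The description also says only that the plugin "is vulnerable to Unauthenticated SQL Injection", so a defender has nothing beyond the `< 3.1.6` bound and the release-notes link to decide whether their deployment is exposed.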
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6096",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GNU glibc",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.30.9000"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "unsigned conversion error"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=25620",
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25620"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data."
 }
 ]
 }
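Review bot: The only `version_value` in CVE-2020-6096.json is `"2.30.9000"`, which looks like a development-snapshot version string rather than a release, so an inventory check against shipped glibc versions will match nothing. The description does not say which releases carry the affected ARMv7 memcpy(); the record should state the range once it is known, and until then the upstream bug in `reference_data` is the place to check. The `problemtype` text `"unsigned conversion error"` also differs from the description's "signed comparison vulnerability"; using one term in both places would remove the ambiguity.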