diff --git a/2020/11xxx/CVE-2020-11945.json b/2020/11xxx/CVE-2020-11945.json index 820735c7d12..c2fe5139399 100644 --- a/2020/11xxx/CVE-2020-11945.json +++ b/2020/11xxx/CVE-2020-11945.json @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0004/" } ] } diff --git a/2020/16xxx/CVE-2020-16119.json b/2020/16xxx/CVE-2020-16119.json index c4616c152f6..fde7c10525d 100644 --- a/2020/16xxx/CVE-2020-16119.json +++ b/2020/16xxx/CVE-2020-16119.json @@ -154,6 +154,11 @@ "name": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695", "refsource": "UBUNTU", "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0006/" } ] }, @@ -166,4 +171,4 @@ "discovery": "USER" }, "work_around": [] -} +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24036.json b/2020/24xxx/CVE-2020-24036.json index 9ee3bd7c863..2e1d50919b3 100644 --- a/2020/24xxx/CVE-2020-24036.json +++ b/2020/24xxx/CVE-2020-24036.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24036", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24036", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://forkcms.com", + "refsource": "MISC", + "name": "http://forkcms.com" + }, + { + "refsource": "MISC", + "name": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-04", + "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-04" + }, + { + "refsource": "MISC", + "name": "https://tech.feedyourhead.at/content/ForkCMS-PHP-Object-Injection-CVE-2020-24036", + "url": "https://tech.feedyourhead.at/content/ForkCMS-PHP-Object-Injection-CVE-2020-24036" } ] } diff --git a/2020/24xxx/CVE-2020-24912.json b/2020/24xxx/CVE-2020-24912.json index fca810c56ee..3f9afd9f5bf 100644 --- a/2020/24xxx/CVE-2020-24912.json +++ b/2020/24xxx/CVE-2020-24912.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24912", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24912", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://qcubed.com", + "refsource": "MISC", + "name": "http://qcubed.com" + }, + { + "refsource": "MISC", + "name": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03", + "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03" + }, + { + "refsource": "MISC", + "name": "https://tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912", + "url": "https://tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912" } ] } diff --git a/2020/24xxx/CVE-2020-24913.json b/2020/24xxx/CVE-2020-24913.json index 20945a19c10..8d254faa576 100644 --- a/2020/24xxx/CVE-2020-24913.json +++ b/2020/24xxx/CVE-2020-24913.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24913", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24913", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://qcubed.com", + "refsource": "MISC", + "name": "http://qcubed.com" + }, + { + "refsource": "MISC", + "name": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02", + "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02" + }, + { + "refsource": "MISC", + "name": "https://tech.feedyourhead.at/content/QCubed-SQL-Injection-CVE-2020-24913", + "url": "https://tech.feedyourhead.at/content/QCubed-SQL-Injection-CVE-2020-24913" } ] } diff --git a/2020/24xxx/CVE-2020-24914.json b/2020/24xxx/CVE-2020-24914.json index 2e6386ae457..e1f2697b752 100644 --- a/2020/24xxx/CVE-2020-24914.json +++ b/2020/24xxx/CVE-2020-24914.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24914", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24914", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable \"strProfileData\" and allows an unauthenticated attacker to execute code via a crafted POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://qcubed.com", + "refsource": "MISC", + "name": "http://qcubed.com" + }, + { + "refsource": "MISC", + "name": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01", + "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01" + }, + { + "refsource": "MISC", + "name": "https://tech.feedyourhead.at/content/QCubed-PHP-Object-Injection-CVE-2020-24914", + "url": "https://tech.feedyourhead.at/content/QCubed-PHP-Object-Injection-CVE-2020-24914" } ] } diff --git a/2020/29xxx/CVE-2020-29443.json b/2020/29xxx/CVE-2020-29443.json index d8860e54b4c..a67ba320823 100644 --- a/2020/29xxx/CVE-2020-29443.json +++ b/2020/29xxx/CVE-2020-29443.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0003/" } ] } diff --git a/2020/8xxx/CVE-2020-8449.json b/2020/8xxx/CVE-2020-8449.json index c210a55edde..cc291792f14 100644 --- a/2020/8xxx/CVE-2020-8449.json +++ b/2020/8xxx/CVE-2020-8449.json @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ] } diff --git a/2020/8xxx/CVE-2020-8450.json b/2020/8xxx/CVE-2020-8450.json index cbbc6d2319d..45c56955673 100644 --- a/2020/8xxx/CVE-2020-8450.json +++ b/2020/8xxx/CVE-2020-8450.json @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ] } diff --git a/2020/8xxx/CVE-2020-8517.json b/2020/8xxx/CVE-2020-8517.json index 1e43ef0b068..b1fa67fb265 100644 --- a/2020/8xxx/CVE-2020-8517.json +++ b/2020/8xxx/CVE-2020-8517.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0623", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ] } diff --git a/2020/9xxx/CVE-2020-9492.json b/2020/9xxx/CVE-2020-9492.json index f92d60507b4..797c3bf87b5 100644 --- a/2020/9xxx/CVE-2020-9492.json +++ b/2020/9xxx/CVE-2020-9492.json @@ -73,6 +73,11 @@ "refsource": "MLIST", "name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core", "url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0001/" } ] }, diff --git a/2021/26xxx/CVE-2021-26117.json b/2021/26xxx/CVE-2021-26117.json index c72c65f2041..ba8fcc8f089 100644 --- a/2021/26xxx/CVE-2021-26117.json +++ b/2021/26xxx/CVE-2021-26117.json @@ -94,6 +94,11 @@ "refsource": "MLIST", "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947", "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0008/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0008/" } ] }, diff --git a/2021/3xxx/CVE-2021-3326.json b/2021/3xxx/CVE-2021-3326.json index 68ce4cfae2e..c391027dd98 100644 --- a/2021/3xxx/CVE-2021-3326.json +++ b/2021/3xxx/CVE-2021-3326.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20210128 Re: glibc iconv crash with ISO-2022-JP-3", "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0007/" } ] } diff --git a/2021/3xxx/CVE-2021-3347.json b/2021/3xxx/CVE-2021-3347.json index 38c39e67f07..217d776e76a 100644 --- a/2021/3xxx/CVE-2021-3347.json +++ b/2021/3xxx/CVE-2021-3347.json @@ -136,6 +136,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0005/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0005/" } ] }