diff --git a/2011/4xxx/CVE-2011-4820.json b/2011/4xxx/CVE-2011-4820.json index 71ba084e46e..19b6320cd14 100644 --- a/2011/4xxx/CVE-2011-4820.json +++ b/2011/4xxx/CVE-2011-4820.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2011-4820", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "IBM X-Force ID 71161", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71161" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2011-4820", + "url": "https://www.cve.org/CVERecord?id=CVE-2011-4820" } ] } diff --git a/2012/2xxx/CVE-2012-2160.json b/2012/2xxx/CVE-2012-2160.json index 62165245d56..4a409e448c8 100644 --- a/2012/2xxx/CVE-2012-2160.json +++ b/2012/2xxx/CVE-2012-2160.json 
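Review bot: The new `affects` block for CVE-2011-4820 sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description added in the same hunk names IBM Rational Asset Manager 7.5. Scanners and asset-matching tools that key on the structured fields will not associate this record with the product, so the affected install base is discoverable only by reading the prose. Suggest `"vendor_name": "IBM"`, `"product_name": "Rational Asset Manager"` and `"version_value": "7.5"`. The same gap appears in the hunks for CVE-2012-2160, CVE-2012-2201, CVE-2012-4818, CVE-2014-0144, CVE-2015-1931, CVE-2016-2338 and CVE-2020-15325 through CVE-2020-15330, where the description likewise names a product and version that the structured fields omit.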
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2160", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "IBM X-Force ID: 74753", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74753" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2012-2160", + "url": "https://www.cve.org/CVERecord?id=CVE-2012-2160" + }, + { + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/589933", + "url": "https://www.ibm.com/support/pages/node/589933" } ] } diff --git a/2012/2xxx/CVE-2012-2201.json b/2012/2xxx/CVE-2012-2201.json index bb1a679652f..da31b5d6277 100644 --- a/2012/2xxx/CVE-2012-2201.json 
+++ b/2012/2xxx/CVE-2012-2201.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2201", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "IBM X-Force ID: 76799", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76799" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2012-2201", + "url": "https://www.cve.org/CVERecord?id=CVE-2012-2201" } ] } diff --git a/2012/4xxx/CVE-2012-4818.json b/2012/4xxx/CVE-2012-4818.json index 82c82bc4b8c..44d29579fcf 100644 --- a/2012/4xxx/CVE-2012-4818.json +++ b/2012/4xxx/CVE-2012-4818.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4818", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "IBM X-Force ID: 78651", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78651" + }, + { + "refsource": "MISC", + "name": "https://www.ibm.com/blogs/psirt/security-bulletin-lack-of-path-restriction-may-allow-access-to-sensitive-data-stored-on-ibm-infosphere-information-server-cve-2012-4818/?lnk=hm", + "url": "https://www.ibm.com/blogs/psirt/security-bulletin-lack-of-path-restriction-may-allow-access-to-sensitive-data-stored-on-ibm-infosphere-information-server-cve-2012-4818/?lnk=hm" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2012-4818", + "url": "https://www.cve.org/CVERecord?id=CVE-2012-4818" } ] } diff --git a/2014/0xxx/CVE-2014-0144.json b/2014/0xxx/CVE-2014-0144.json index 0b4dddddd60..278faf33136 100644 --- a/2014/0xxx/CVE-2014-0144.json +++ b/2014/0xxx/CVE-2014-0144.json 
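Review bot: The version list in the new CVE-2012-4818 description reads `8.1, 8.5, and 8,7`; the comma in the last entry looks like a typo for `8.7`. Because `version_value` in this record is `n/a`, the prose is the only place the affected versions are stated, so anyone extracting versions from the text gets a malformed entry. Suggest `IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow ...`, ideally with the three versions also listed under `version_data`.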
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0144", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,126 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=24342f2cae47d03911e346fe1e520b00dc2818e0", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=24342f2cae47d03911e346fe1e520b00dc2818e0" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41" + }, + { + "refsource": "MISC", + "name": 
"http://git.qemu.org/?p=qemu.git;a=commit;h=6d4b9e55fc625514a38d27cff4b9933f617fa7dc", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=6d4b9e55fc625514a38d27cff4b9933f617fa7dc" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=7b103b36d6ef3b11827c203d3a793bf7da50ecd6", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7b103b36d6ef3b11827c203d3a793bf7da50ecd6" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=97f1c45c6f456572e5b504b8614e4a69e23b8e3a", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=97f1c45c6f456572e5b504b8614e4a69e23b8e3a" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=a1b3955c9415b1e767c130a2f59fee6aa28e575b", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=a1b3955c9415b1e767c130a2f59fee6aa28e575b" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ce48f2f441ca98885267af6fd636a7cb804ee646", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ce48f2f441ca98885267af6fd636a7cb804ee646" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=d65f97a82c4ed48374a764c769d4ba1ea9724e97", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=d65f97a82c4ed48374a764c769d4ba1ea9724e97" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=f56b9bc3ae20fc93815b34aa022be919941406ce", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=f56b9bc3ae20fc93815b34aa022be919941406ce" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0420.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0421.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html" + }, 
+ { + "refsource": "MISC", + "name": "https://www.vulnerabilitycenter.com/#!vul=44767", + "url": "https://www.vulnerabilitycenter.com/#!vul=44767" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2014-0144", + "url": "https://www.cve.org/CVERecord?id=CVE-2014-0144" } ] } diff --git a/2014/0xxx/CVE-2014-0147.json b/2014/0xxx/CVE-2014-0147.json index 13adb85f053..bf9817dbce0 100644 --- a/2014/0xxx/CVE-2014-0147.json +++ b/2014/0xxx/CVE-2014-0147.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0147", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Qemu", + "version": { + "version_data": [ + { + "version_value": "before 1.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=246f65838d19db6db55bfb41117c35645a2c4789", + "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=246f65838d19db6db55bfb41117c35645a2c4789" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1078848", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078848" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1086717", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086717" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0420.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2014-0147", + "url": "https://www.cve.org/CVERecord?id=CVE-2014-0147" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0421.html", + "url": 
"http://rhn.redhat.com/errata/RHSA-2014-0421.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/03/26/8", + "url": "http://www.openwall.com/lists/oss-security/2014/03/26/8" } ] } diff --git a/2014/0xxx/CVE-2014-0148.json b/2014/0xxx/CVE-2014-0148.json index c0da9c76308..95c1d01b325 100644 --- a/2014/0xxx/CVE-2014-0148.json +++ b/2014/0xxx/CVE-2014-0148.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0148", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
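Review bot: The CVE-2014-0147 description added here says `block diver` where `block driver` is meant, and the sentence structure ("Qemu before 1.6.2 block diver ... are vulnerable") leaves it unclear which component is affected. The text is what keyword searches and triage tools index, so the misspelling makes the record harder to find when searching for QEMU block-driver issues. Suggest `Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format is vulnerable to ...`. The neighbouring CVE-2014-0148 description has a similar slip, `could ise this flaw`, which should read `could use this flaw`.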
@@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Qemu", + "version": { + "version_data": [ + { + "version_value": "before 2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0420.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0421.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/03/26/8", + "url": "http://www.openwall.com/lists/oss-security/2014/03/26/8" + }, + { + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=1d7678dec4761acdc43439da6ceda41a703ba1a6", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=1d7678dec4761acdc43439da6ceda41a703ba1a6" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1078212", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078212" + }, + 
{ + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2014-0148", + "url": "https://www.cve.org/CVERecord?id=CVE-2014-0148" } ] } diff --git a/2015/1xxx/CVE-2015-1931.json b/2015/1xxx/CVE-2015-1931.json index b77be5e91fc..204af850329 100644 --- a/2015/1xxx/CVE-2015-1931.json +++ b/2015/1xxx/CVE-2015-1931.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1931", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,101 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html" + }, + { + "refsource": "MISC", + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21962302", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962302" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1485.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1486.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1488.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html" + }, + { + "refsource": "MISC", + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1544.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1604.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/75985", + "url": "http://www.securityfocus.com/bid/75985" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2015-1931", + "url": "https://www.cve.org/CVERecord?id=CVE-2015-1931" } ] } diff --git a/2016/2xxx/CVE-2016-2338.json b/2016/2xxx/CVE-2016-2338.json index badf2a4ac6a..a63945c58e8 100644 --- a/2016/2xxx/CVE-2016-2338.json +++ b/2016/2xxx/CVE-2016-2338.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2338", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer \"head\" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200325 [SECURITY] [DLA 2158-1] ruby2.1 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2016-2338", + "url": "https://www.cve.org/CVERecord?id=CVE-2016-2338" + }, + { + "refsource": "MISC", + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0032/", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0032/" } ] } diff --git a/2019/0xxx/CVE-2019-0542.json b/2019/0xxx/CVE-2019-0542.json index 32adb8f0fc6..97099f0abe7 100644 --- a/2019/0xxx/CVE-2019-0542.json +++ b/2019/0xxx/CVE-2019-0542.json 
@@ -4,14 +4,88 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-0542", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." + "value": "A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "xterm.js", + "version": { + "version_data": [ + { + "version_value": "xterm.js" + } + ] + } + } + ] + }, + "vendor_name": "https://xtermjs.org/" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "106434", + "url": "http://www.securityfocus.com/bid/106434" + }, + { + "refsource": "REDHAT", + "name": "RHBA-2019:0959", + "url": "https://access.redhat.com/errata/RHBA-2019:0959" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1422", + "url": "https://access.redhat.com/errata/RHSA-2019:1422" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2552", + "url": "https://access.redhat.com/errata/RHSA-2019:2552" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2551", + "url": "https://access.redhat.com/errata/RHSA-2019:2551" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2019-0542", + "url": "https://www.cve.org/CVERecord?id=CVE-2019-0542" + }, + { + "refsource": "MISC", + "name": "https://github.com/xtermjs/xterm.js/releases", + "url": "https://github.com/xtermjs/xterm.js/releases" } ] } 
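Review bot: In the CVE-2019-0542 `affects` block, `vendor_name` holds a URL (`https://xtermjs.org/`) and `version_value` repeats the product name (`xterm.js`) instead of a version. As written, the record gives no way to tell which xterm.js releases are vulnerable and which carry the fix, and the only upstream reference is the generic releases page. Suggest a plain vendor string and an explicit bound, e.g. `"version_value": "before <first fixed release>"` (placeholder; the fixed version is not on this page), or `"n/a"` if it is genuinely unknown, so that consumers do not parse `xterm.js` as a version.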
diff --git a/2020/15xxx/CVE-2020-15325.json b/2020/15xxx/CVE-2020-15325.json index 7b1a3bd86a9..5bbae8f7b4e 100644 --- a/2020/15xxx/CVE-2020-15325.json +++ b/2020/15xxx/CVE-2020-15325.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15325", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15325", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2020-15325", + "url": "https://www.cve.org/CVERecord?id=CVE-2020-15325" } ] } 
diff --git a/2020/15xxx/CVE-2020-15326.json b/2020/15xxx/CVE-2020-15326.json index 9150af183b2..22f00ff9831 100644 --- a/2020/15xxx/CVE-2020-15326.json +++ b/2020/15xxx/CVE-2020-15326.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15326", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15326", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2020-15326", + "url": "https://www.cve.org/CVERecord?id=CVE-2020-15326" } ] } 
diff --git a/2020/15xxx/CVE-2020-15327.json b/2020/15xxx/CVE-2020-15327.json index c2a9327271b..21f4d78b64d 100644 --- a/2020/15xxx/CVE-2020-15327.json +++ b/2020/15xxx/CVE-2020-15327.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15327", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15327", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2020-15327", + "url": "https://www.cve.org/CVERecord?id=CVE-2020-15327" } ] } 
diff --git a/2020/15xxx/CVE-2020-15328.json b/2020/15xxx/CVE-2020-15328.json index dab5d756efa..b493bc87e86 100644 --- a/2020/15xxx/CVE-2020-15328.json +++ b/2020/15xxx/CVE-2020-15328.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15328", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15328", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html" + }, + { + "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml", + "refsource": "MISC", + "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2020-15328", + "url": "https://www.cve.org/CVERecord?id=CVE-2020-15328" } ] } 
diff --git a/2020/15xxx/CVE-2020-15329.json b/2020/15xxx/CVE-2020-15329.json
index f62b9a67ff5..f307b7834a6 100644
--- a/2020/15xxx/CVE-2020-15329.json
+++ b/2020/15xxx/CVE-2020-15329.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15329",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15329",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15329",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15329"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15330.json b/2020/15xxx/CVE-2020-15330.json
index 854bc8d7b00..086c94a6a4b 100644
--- a/2020/15xxx/CVE-2020-15330.json
+++ b/2020/15xxx/CVE-2020-15330.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15330",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15330",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15330",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15330"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15331.json b/2020/15xxx/CVE-2020-15331.json
index 7a3c14b2f3b..3b646ac7957 100644
--- a/2020/15xxx/CVE-2020-15331.json
+++ b/2020/15xxx/CVE-2020-15331.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15331",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15331",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15331",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15331"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15332.json b/2020/15xxx/CVE-2020-15332.json
index 9f0623e11b8..bb46f6a08ab 100644
--- a/2020/15xxx/CVE-2020-15332.json
+++ b/2020/15xxx/CVE-2020-15332.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15332",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15332",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15332",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15332"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15333.json b/2020/15xxx/CVE-2020-15333.json
index 7c7592de9c9..66714214fb6 100644
--- a/2020/15xxx/CVE-2020-15333.json
+++ b/2020/15xxx/CVE-2020-15333.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15333",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15333",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL \"select * from Administrator_users\" and \"select * from Users_users\" requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15333",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15333"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15334.json b/2020/15xxx/CVE-2020-15334.json
index 1b5f5187702..e8efcf760d9 100644
--- a/2020/15xxx/CVE-2020-15334.json
+++ b/2020/15xxx/CVE-2020-15334.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15334",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15334",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15334",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15334"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15337.json b/2020/15xxx/CVE-2020-15337.json
index 5b366a73cd0..8c1350fdee0 100644
--- a/2020/15xxx/CVE-2020-15337.json
+++ b/2020/15xxx/CVE-2020-15337.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15337",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15337",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a \"Use of GET Request Method With Sensitive Query Strings\" issue for /registerCpe requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15337",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15337"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15338.json b/2020/15xxx/CVE-2020-15338.json
index 9f6bcc1db0e..50f0324c97c 100644
--- a/2020/15xxx/CVE-2020-15338.json
+++ b/2020/15xxx/CVE-2020-15338.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15338",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15338",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a \"Use of GET Request Method With Sensitive Query Strings\" issue for /cnr requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15338",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15338"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15339.json b/2020/15xxx/CVE-2020-15339.json
index 6394f7611bd..231c993fc12 100644
--- a/2020/15xxx/CVE-2020-15339.json
+++ b/2020/15xxx/CVE-2020-15339.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15339",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15339",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15339",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15339"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15340.json b/2020/15xxx/CVE-2020-15340.json
index c3ecd0dedbc..141fe672d3a 100644
--- a/2020/15xxx/CVE-2020-15340.json
+++ b/2020/15xxx/CVE-2020-15340.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15340",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15340",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15340",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15340"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15341.json b/2020/15xxx/CVE-2020-15341.json
index e20d864cdb3..726e97500c9 100644
--- a/2020/15xxx/CVE-2020-15341.json
+++ b/2020/15xxx/CVE-2020-15341.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15341",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15341",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15341",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15341"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15342.json b/2020/15xxx/CVE-2020-15342.json
index 59626984667..8308c37c713 100644
--- a/2020/15xxx/CVE-2020-15342.json
+++ b/2020/15xxx/CVE-2020-15342.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15342",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15342",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15342",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15342"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15343.json b/2020/15xxx/CVE-2020-15343.json
index 6753f2e5fdd..3398b503b7a 100644
--- a/2020/15xxx/CVE-2020-15343.json
+++ b/2020/15xxx/CVE-2020-15343.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15343",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15343",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15343",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15343"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15344.json b/2020/15xxx/CVE-2020-15344.json
index 5ff66663923..aac5e520240 100644
--- a/2020/15xxx/CVE-2020-15344.json
+++ b/2020/15xxx/CVE-2020-15344.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15344",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15344",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15344",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15344"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15345.json b/2020/15xxx/CVE-2020-15345.json
index 717fc82da9e..b26ba83e431 100644
--- a/2020/15xxx/CVE-2020-15345.json
+++ b/2020/15xxx/CVE-2020-15345.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15345",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15345",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15345",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15345"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15346.json b/2020/15xxx/CVE-2020-15346.json
index 4c0d83cff75..788c38b45ba 100644
--- a/2020/15xxx/CVE-2020-15346.json
+++ b/2020/15xxx/CVE-2020-15346.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15346",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15346",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15346",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15346"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15347.json b/2020/15xxx/CVE-2020-15347.json
index f68d96bbd39..7d197222c90 100644
--- a/2020/15xxx/CVE-2020-15347.json
+++ b/2020/15xxx/CVE-2020-15347.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15347",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15347",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html",
+ "refsource": "MISC",
+ "name": "https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html"
+ },
+ {
+ "url": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml",
+ "refsource": "MISC",
+ "name": "https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-15347",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-15347"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27601.json b/2020/27xxx/CVE-2020-27601.json
index 51e3f0884de..fde44146015 100644
--- a/2020/27xxx/CVE-2020-27601.json
+++ b/2020/27xxx/CVE-2020-27601.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27601",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27601",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7",
+ "refsource": "MISC",
+ "name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7"
+ },
+ {
+ "url": "https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1",
+ "refsource": "MISC",
+ "name": "https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-27601",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-27601"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27602.json b/2020/27xxx/CVE-2020-27602.json
index 3d6f2c4b888..92aa40340e8 100644
--- a/2020/27xxx/CVE-2020-27602.json
+++ b/2020/27xxx/CVE-2020-27602.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27602",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27602",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7",
+ "refsource": "MISC",
+ "name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7"
+ },
+ {
+ "url": "https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717",
+ "refsource": "MISC",
+ "name": "https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-27602",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-27602"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35674.json b/2020/35xxx/CVE-2020-35674.json
index 5b99d10a0fb..0c0a99577fd 100644
--- a/2020/35xxx/CVE-2020-35674.json
+++ b/2020/35xxx/CVE-2020-35674.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35674",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35674",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://labs.ingredous.com/2020/07/13/ois-sqli/",
+ "refsource": "MISC",
+ "name": "https://labs.ingredous.com/2020/07/13/ois-sqli/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-35674",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-35674"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35675.json b/2020/35xxx/CVE-2020-35675.json
index 637857649ea..c89df535056 100644
--- a/2020/35xxx/CVE-2020-35675.json
+++ b/2020/35xxx/CVE-2020-35675.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35675",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35675",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://labs.ingredous.com/2020/07/13/ois-transfer-csrf/",
+ "refsource": "MISC",
+ "name": "https://labs.ingredous.com/2020/07/13/ois-transfer-csrf/"
+ },
+ {
+ "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.0",
+ "refsource": "MISC",
+ "name": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2020-35675",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-35675"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40691.json b/2021/40xxx/CVE-2021-40691.json
index 1b1b5174d44..67ea1f39771 100644
--- a/2021/40xxx/CVE-2021-40691.json
+++ b/2021/40xxx/CVE-2021-40691.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-40691",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Session Hijack"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2043411",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043411"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-40691",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-40691"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A session hijack risk was identified in the Shibboleth authentication plugin."
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40692.json b/2021/40xxx/CVE-2021-40692.json
index 5f6f7f52e76..932dc5e020f 100644
--- a/2021/40xxx/CVE-2021-40692.json
+++ b/2021/40xxx/CVE-2021-40692.json
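Review bot: The new description value never names the affected product: `"A session hijack risk was identified in the Shibboleth authentication plugin."` is attributable to Moodle only through `product_name`, and `vendor_name` is still `n/a`. Feeds and advisories that show the description alone leave the reader unable to tell which software to patch. The `version_value` is a single free-text string covering three ranges, which tooling cannot compare against an installed version; one `version_data` entry per range would be machine-readable. I would open the description with the product (for example `"In Moodle, a session hijack risk was identified in the Shibboleth authentication plugin."`) and fill in `vendor_name`. The same applies to the hunks for CVE-2021-40692 through CVE-2021-40695.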
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-40692",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2043414",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043414"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-40692",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-40692"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient capability checks made it possible for teachers to download users outside of their courses."
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40693.json b/2021/40xxx/CVE-2021-40693.json
index de82d338bfe..7fe8ae70e43 100644
--- a/2021/40xxx/CVE-2021-40693.json
+++ b/2021/40xxx/CVE-2021-40693.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-40693",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authentication bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2043417",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043417"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-40693",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-40693"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability."
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40694.json b/2021/40xxx/CVE-2021-40694.json
index a445c449345..b946d4d0d75 100644
--- a/2021/40xxx/CVE-2021-40694.json
+++ b/2021/40xxx/CVE-2021-40694.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-40694",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "arbitrary file read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2043421",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043421"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-40694",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-40694"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account."
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40695.json b/2021/40xxx/CVE-2021-40695.json
index 135fd7ae690..cc9eb2470c8 100644
--- a/2021/40xxx/CVE-2021-40695.json
+++ b/2021/40xxx/CVE-2021-40695.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-40695",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2043424",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043424"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-40695",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-40695"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "It was possible for a student to view their quiz grade before it had been released, using a quiz web service."
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42045.json b/2021/42xxx/CVE-2021-42045.json
index e7c273120f7..c5e2e7512eb 100644
--- a/2021/42xxx/CVE-2021-42045.json
+++ b/2021/42xxx/CVE-2021-42045.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42045",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42045",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T289385",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T289385"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/I4f04083cd00884d3b85245460774c81c7639a578"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-42045",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42045"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42046.json b/2021/42xxx/CVE-2021-42046.json
index b326ec41fa8..dfb30acc6c0 100644
--- a/2021/42xxx/CVE-2021-42046.json
+++ b/2021/42xxx/CVE-2021-42046.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42046",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42046",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T286385",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T286385"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/Ib7f9b009730fe0df283cec1169f84c7a83a58b1d"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/Id2204fb5afe591d63764466de35ac0aaa5999983"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-42046",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42046"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42047.json b/2021/42xxx/CVE-2021-42047.json
index d1889fb0a4b..14ca6d84eca 100644
--- a/2021/42xxx/CVE-2021-42047.json
+++ b/2021/42xxx/CVE-2021-42047.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42047",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42047",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T289063",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T289063"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/720088"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-42047",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42047"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42048.json b/2021/42xxx/CVE-2021-42048.json
index e8c796af5c8..558f43c91fc 100644
--- a/2021/42xxx/CVE-2021-42048.json
+++ b/2021/42xxx/CVE-2021-42048.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42048",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42048",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T289064",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T289064"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/Iaa90a8976834d70caad592e9d1b18510318db537"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-42048",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42048"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42049.json b/2021/42xxx/CVE-2021-42049.json
index 06c6b744fb3..acba0cd3c56 100644
--- a/2021/42xxx/CVE-2021-42049.json
+++ b/2021/42xxx/CVE-2021-42049.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42049",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42049",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T286884",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T286884"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/q/I4d95220ef414337147235f7ebedc9b945c3348e3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-42049",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42049"
 }
 ]
 }
diff --git a/2021/43xxx/CVE-2021-43403.json b/2021/43xxx/CVE-2021-43403.json
index 24763e29d75..579f1e4df36 100644
--- a/2021/43xxx/CVE-2021-43403.json
+++ b/2021/43xxx/CVE-2021-43403.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-43403",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-43403",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fusionpbx/fusionpbx/commit/57b7bf0d6b67bda07d550b07d984a44755510d9c",
+ "refsource": "MISC",
+ "name": "https://github.com/fusionpbx/fusionpbx/commit/57b7bf0d6b67bda07d550b07d984a44755510d9c"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-43403",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-43403"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45788.json b/2021/45xxx/CVE-2021-45788.json
index 54581f1cfbd..bb086065b0e 100644
--- a/2021/45xxx/CVE-2021-45788.json
+++ b/2021/45xxx/CVE-2021-45788.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-45788",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-45788",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the \"orders\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/metersphere/metersphere/issues/8651",
+ "refsource": "MISC",
+ "name": "https://github.com/metersphere/metersphere/issues/8651"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-45788",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-45788"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45789.json b/2021/45xxx/CVE-2021-45789.json
index 229635f0fdb..98bdf83e744 100644
--- a/2021/45xxx/CVE-2021-45789.json
+++ b/2021/45xxx/CVE-2021-45789.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-45789",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-45789",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/metersphere/metersphere/issues/8652",
+ "refsource": "MISC",
+ "name": "https://github.com/metersphere/metersphere/issues/8652"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-45789",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-45789"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45790.json b/2021/45xxx/CVE-2021-45790.json
index ad4c294d984..08fe6df9547 100644
--- a/2021/45xxx/CVE-2021-45790.json
+++ b/2021/45xxx/CVE-2021-45790.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-45790",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-45790",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/metersphere/metersphere/issues/8653",
+ "refsource": "MISC",
+ "name": "https://github.com/metersphere/metersphere/issues/8653"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2021-45790",
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-45790"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45843.json b/2021/45xxx/CVE-2021-45843.json
index 326a7a3d3f1..4c2f1a4c547 100644
--- a/2021/45xxx/CVE-2021-45843.json
+++ b/2021/45xxx/CVE-2021-45843.json
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-45843", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-45843", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/glfusion/XSS-Reflected", + "refsource": "MISC", + "name": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/glfusion/XSS-Reflected" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2021-45843", + "url": "https://www.cve.org/CVERecord?id=CVE-2021-45843" } ] } diff --git a/2022/1xxx/CVE-2022-1718.json b/2022/1xxx/CVE-2022-1718.json index a2e63348aa2..9a6763b508b 100644 --- a/2022/1xxx/CVE-2022-1718.json +++ b/2022/1xxx/CVE-2022-1718.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "polonel/trudesk", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "polonel" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e" + }, + { + "name": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895", + "refsource": "MISC", + "url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-1718", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-1718" + } + ] + }, + "source": { + "advisory": "1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1719.json b/2022/1xxx/CVE-2022-1719.json index 58755fba92d..28737f2ee69 100644 --- a/2022/1xxx/CVE-2022-1719.json +++ b/2022/1xxx/CVE-2022-1719.json 
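Review bot: The `impact.cvss` block does not agree with the description in this hunk. The vector `CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H` describes a local, high-privilege attack with full confidentiality and integrity loss, while the text describes a crafted HTTP request against the signup field that leads only to denial of service. The problemtype `CWE-190 Integer Overflow or Wraparound` is also not supported by the description, which reads as a missing input-length limit (possibly closer to CWE-400 or CWE-770, to be confirmed against the referenced fix commit). Anyone prioritising on `baseScore` or filtering on `attackVector` should re-score from the description rather than trust these fields. The `TITLE` repeats the first sentence of the description and could be shortened in the style of the neighbouring records, e.g. `"TITLE": "Denial of Service via oversized Full Name field in polonel/trudesk"`.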
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Reflected XSS on ticket filter function in polonel/trudesk" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "polonel/trudesk", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "polonel" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. 
This vulnerability is capable of executing a malicious javascript code in web page" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b" + }, + { + "name": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0", + "refsource": "MISC", + "url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-1719", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-1719" + } + ] + }, + "source": { + "advisory": "790ba3fd-41e9-4393-8e2f-71161b56279b", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1725.json b/2022/1xxx/CVE-2022-1725.json index 2ec3b95be23..cdd04a08cbe 100644 --- a/2022/1xxx/CVE-2022-1725.json +++ b/2022/1xxx/CVE-2022-1725.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NULL Pointer Dereference in vim/vim" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.2.4959" + } + ] + } + } + ] + }, + "vendor_name": "vim" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476 NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c" + }, + { + "name": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-1725", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725" + } + ] + }, + "source": { + "advisory": "4363cf07-233e-4d0a-a1d5-c731a400525c", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37409.json b/2022/37xxx/CVE-2022-37409.json new file mode 100644 index 00000000000..5b6ed864691 --- /dev/null +++ b/2022/37xxx/CVE-2022-37409.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-37409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37410.json b/2022/37xxx/CVE-2022-37410.json new file mode 100644 index 00000000000..4fd37b0aff4 --- /dev/null +++ b/2022/37xxx/CVE-2022-37410.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-37410", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38101.json b/2022/38xxx/CVE-2022-38101.json new file mode 100644 index 00000000000..f02b70051f6 --- /dev/null +++ b/2022/38xxx/CVE-2022-38101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/38xxx/CVE-2022-38222.json b/2022/38xxx/CVE-2022-38222.json index 86093b29aea..95fd52b7177 100644 --- a/2022/38xxx/CVE-2022-38222.json +++ b/2022/38xxx/CVE-2022-38222.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-38222", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-38222", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-38222", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-38222" } ] } diff --git a/2022/40xxx/CVE-2022-40207.json b/2022/40xxx/CVE-2022-40207.json new file mode 100644 index 00000000000..04ee0a75be4 --- /dev/null 
+++ b/2022/40xxx/CVE-2022-40207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-40207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/40xxx/CVE-2022-40278.json b/2022/40xxx/CVE-2022-40278.json index 645fc56ae39..2b68118023b 100644 --- a/2022/40xxx/CVE-2022-40278.json +++ b/2022/40xxx/CVE-2022-40278.json 
@@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40278", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40278", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Samsung/TizenRT/issues/5628", + "refsource": "MISC", + "name": "https://github.com/Samsung/TizenRT/issues/5628" + }, + { + "url": "https://www.sqlite.org/c3ref/exec.html", + "refsource": "MISC", + "name": "https://www.sqlite.org/c3ref/exec.html" + }, + { + "url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L103", + "refsource": "MISC", + "name": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L103" + }, + { + "url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L107", + "refsource": "MISC", + "name": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/iotivity/iotivity_1.2-rel/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c#L107" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-40278", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-40278" } ] } diff --git a/2022/40xxx/CVE-2022-40279.json b/2022/40xxx/CVE-2022-40279.json index 5be5b4b08a1..f850bbd1901 100644 --- a/2022/40xxx/CVE-2022-40279.json +++ b/2022/40xxx/CVE-2022-40279.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40279", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40279", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://linux.die.net/man/3/pcap_dispatch", + "refsource": "MISC", + "name": "https://linux.die.net/man/3/pcap_dispatch" + }, + { + "url": "https://github.com/Samsung/TizenRT/issues/5629", + "refsource": "MISC", + "name": "https://github.com/Samsung/TizenRT/issues/5629" + }, + { + "url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181", + "refsource": "MISC", + "name": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-40279", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-40279" } ] } diff --git a/2022/40xxx/CVE-2022-40685.json b/2022/40xxx/CVE-2022-40685.json new file mode 100644 index 00000000000..26d5c1b73b1 --- /dev/null +++ b/2022/40xxx/CVE-2022-40685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-40685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/40xxx/CVE-2022-40974.json b/2022/40xxx/CVE-2022-40974.json new file mode 100644 index 00000000000..6f20983de2a --- /dev/null +++ b/2022/40xxx/CVE-2022-40974.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-40974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41614.json b/2022/41xxx/CVE-2022-41614.json new file mode 100644 index 00000000000..d3f7c29fdb7 --- /dev/null +++ b/2022/41xxx/CVE-2022-41614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-41614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41628.json b/2022/41xxx/CVE-2022-41628.json new file mode 100644 index 00000000000..57beb38c727 --- /dev/null +++ b/2022/41xxx/CVE-2022-41628.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-41628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/41xxx/CVE-2022-41646.json b/2022/41xxx/CVE-2022-41646.json new file mode 100644 index 00000000000..c0773a4f966 --- /dev/null +++ b/2022/41xxx/CVE-2022-41646.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-41646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41700.json b/2022/41xxx/CVE-2022-41700.json new file mode 100644 index 00000000000..3793850b199 --- /dev/null +++ b/2022/41xxx/CVE-2022-41700.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-41700", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file