diff --git a/2008/3xxx/CVE-2008-3793.json b/2008/3xxx/CVE-2008-3793.json index 5abfebd631e..e7c47a5dac3 100644 --- a/2008/3xxx/CVE-2008-3793.json +++ b/2008/3xxx/CVE-2008-3793.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2008-3793", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-3793", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3792. Reason: This candidate is a duplicate of CVE-2008-3792. Notes: All CVE users should reference CVE-2008-3792 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2010/4xxx/CVE-2010-4658.json b/2010/4xxx/CVE-2010-4658.json index d4ed968eda0..452d82475c1 100644 --- a/2010/4xxx/CVE-2010-4658.json +++ b/2010/4xxx/CVE-2010-4658.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4658", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "statusnet", + "version": { + "version_data": [ + { + "version_value": "through 2010" + } + ] + } + } + ] + }, + "vendor_name": "statusnet" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4658", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-4658" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/01/25/13", + "url": "https://www.openwall.com/lists/oss-security/2011/01/25/13" } ] } diff --git a/2014/6xxx/CVE-2014-6413.json b/2014/6xxx/CVE-2014-6413.json index 8dc4ed11b86..a96d047b99f 100644 --- a/2014/6xxx/CVE-2014-6413.json +++ b/2014/6xxx/CVE-2014-6413.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6413", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/69958", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/69958" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96069" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Sep/70", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Sep/70" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/128310", + "url": "https://packetstormsecurity.com/files/128310" } ] } diff --git a/2014/7xxx/CVE-2014-7224.json b/2014/7xxx/CVE-2014-7224.json index 7140b8335b9..db064e694d6 100644 --- a/2014/7xxx/CVE-2014-7224.json +++ b/2014/7xxx/CVE-2014-7224.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7224", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2014/10/02/20", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/10/02/20" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96833" + }, + { + "refsource": "MISC", + "name": "https://daoyuan14.github.io/news/newattackvector.html", + "url": "https://daoyuan14.github.io/news/newattackvector.html" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/70222", + "url": "https://www.securityfocus.com/bid/70222" } ] } diff --git a/2019/18xxx/CVE-2019-18988.json b/2019/18xxx/CVE-2019-18988.json new file mode 100644 index 00000000000..fc918a0fd11 --- /dev/null +++ b/2019/18xxx/CVE-2019-18988.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?threadtype=label&labels=Security", + "refsource": "MISC", + "name": "https://community.teamviewer.com/t5/Knowledge-Base/tkb-p/Knowledgebase?threadtype=label&labels=Security" + }, + { + "refsource": "MISC", + "name": "https://whynotsecurity.com/blog/teamviewer/", + "url": "https://whynotsecurity.com/blog/teamviewer/" + }, + { + "refsource": "MISC", + "name": "https://twitter.com/Blurbdust/status/1224212682594770946?s=20", + "url": "https://twitter.com/Blurbdust/status/1224212682594770946?s=20" + }, + { + "refsource": "MISC", + "name": "https://community.teamviewer.com/t5/Announcements/Specification-on-CVE-2019-18988/td-p/82264", + "url": "https://community.teamviewer.com/t5/Announcements/Specification-on-CVE-2019-18988/td-p/82264" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20448.json b/2019/20xxx/CVE-2019-20448.json new file mode 100644 index 00000000000..d2003bce883 --- /dev/null +++ b/2019/20xxx/CVE-2019-20448.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20448", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20449.json b/2019/20xxx/CVE-2019-20449.json new file mode 100644 index 00000000000..7f426890682 --- /dev/null +++ b/2019/20xxx/CVE-2019-20449.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20450.json b/2019/20xxx/CVE-2019-20450.json new file mode 100644 index 00000000000..e6882526117 --- /dev/null +++ b/2019/20xxx/CVE-2019-20450.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20450", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1768.json b/2020/1xxx/CVE-2020-1768.json index 70f44af90ac..1afaefb6e92 100644 --- a/2020/1xxx/CVE-2020-1768.json +++ b/2020/1xxx/CVE-2020-1768.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached.\n\nThis issue affects:\nOTRS\n7.0.x version 7.0.14 and prior versions." + "value": "The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions." } ] }, @@ -77,6 +77,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/", "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-04/" } ] diff --git a/2020/8xxx/CVE-2020-8790.json b/2020/8xxx/CVE-2020-8790.json new file mode 100644 index 00000000000..57304d3fa00 --- /dev/null +++ b/2020/8xxx/CVE-2020-8790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8791.json b/2020/8xxx/CVE-2020-8791.json new file mode 100644 index 00000000000..1d57e04e58b --- /dev/null +++ b/2020/8xxx/CVE-2020-8791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8792.json b/2020/8xxx/CVE-2020-8792.json new file mode 100644 index 00000000000..2d94ab6f836 --- /dev/null +++ b/2020/8xxx/CVE-2020-8792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file