diff --git a/2019/14xxx/CVE-2019-14892.json b/2019/14xxx/CVE-2019-14892.json
index 6f10546127e..0a7dc49f571 100644
--- a/2019/14xxx/CVE-2019-14892.json
+++ b/2019/14xxx/CVE-2019-14892.json
@@ -82,6 +82,11 @@
 "refsource": "MLIST",
 "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
 "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200904-0005/",
+ "url": "https://security.netapp.com/advisory/ntap-20200904-0005/"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3881.json b/2019/3xxx/CVE-2019-3881.json
index 4954d4f8be7..1d68c4bde1a 100644
--- a/2019/3xxx/CVE-2019-3881.json
+++ b/2019/3xxx/CVE-2019-3881.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3881",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3881",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rubygem-bundler",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "bundler versions before 2.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-552"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1651826",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651826"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7119.json b/2020/7xxx/CVE-2020-7119.json
index ac19e247ef1..aa8242a1193 100644
--- a/2020/7xxx/CVE-2020-7119.json
+++ b/2020/7xxx/CVE-2020-7119.json
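Review bot: In the CVE-2019-3881 record the affected range is stored as prose, `"version_value": "bundler versions before 2.1.0"`, and `vendor_name` is left as `"n/a"`, so scanners that match on vendor, product and version cannot evaluate this entry without parsing free text. A structured form such as `"version_affected": "<", "version_value": "2.1.0"` together with the project or vendor name would let inventory tooling flag affected installs directly. The problemtype value is the bare identifier `CWE-552`; writing it with its title (`"CWE-552: Files or Directories Accessible to External Parties"`) would make the record readable without a lookup.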
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7119",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba ALE ClearPass C1000 S-1200 R4 HW-Based Appliance",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Firmware 2.1.0.2 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Arbitrary File Modification "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-008.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-008.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user."
 }
 ]
 }
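Review bot: The problemtype value in the CVE-2020-7119 record, `"Remote Arbitrary File Modification "`, ends with a trailing space and carries no CWE identifier, so both exact-string consumers and CWE-based filters will miss it. Trim the string, and add a CWE id if the CNA has a classification for the issue. `vendor_name` is `"n/a"` even though the assigner address and advisory URL identify the vendor, and the range is prose (`"Firmware 2.1.0.2 and earlier"`) where `"version_affected": "<=", "version_value": "2.1.0.2"` would be machine-matchable. The `product_name` string also orders the product words differently from the description text, which is worth reconciling so that a search on either form finds the record.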