diff --git a/2014/2xxx/CVE-2014-2650.json b/2014/2xxx/CVE-2014-2650.json index 955a8e6e1c9..940d49369db 100644 --- a/2014/2xxx/CVE-2014-2650.json +++ b/2014/2xxx/CVE-2014-2650.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2650", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unify OpenStage/OpenScape Desk Phone IP has an authentication bypass vulnerability in the default mode of the Workpoint Interface which allows command injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf", + "url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf" + }, + { + "refsource": "MISC", + "name": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", + "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ] } diff --git a/2014/2xxx/CVE-2014-2651.json b/2014/2xxx/CVE-2014-2651.json index 0e21a9df3fa..aa0f4d65d5c 100644 --- a/2014/2xxx/CVE-2014-2651.json +++ b/2014/2xxx/CVE-2014-2651.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2651", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf", + "refsource": "MISC", + "name": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf" + }, + { + "refsource": "MISC", + "name": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", + "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ] } diff --git a/2014/2xxx/CVE-2014-2686.json b/2014/2xxx/CVE-2014-2686.json index 38e5da34536..62b7fc68004 100644 --- a/2014/2xxx/CVE-2014-2686.json +++ b/2014/2xxx/CVE-2014-2686.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2686", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ansible prior to 1.5.4 mishandles the evaluation of some strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ", + "refsource": "MISC", + "name": "https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ" } ] } diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 8a4ccd7d858..2e1df4456f9 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -68,6 +68,16 @@ "refsource": "CONFIRM", "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200109 [SECURITY] [DSA 4600-1] firefox-esr security update", + "url": "https://seclists.org/bugtraq/2020/Jan/12" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 286bc736664..dd339bb4633 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -68,6 +68,16 @@ "refsource": "CONFIRM", "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200109 [SECURITY] [DSA 4600-1] firefox-esr security update", + "url": "https://seclists.org/bugtraq/2020/Jan/12" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 3343cf43485..ea7690fd693 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -68,6 +68,16 @@ "refsource": "CONFIRM", "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200109 [SECURITY] [DSA 4600-1] firefox-esr security update", + "url": "https://seclists.org/bugtraq/2020/Jan/12" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index cce301a74ef..71edb813488 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -68,6 +68,16 @@ "refsource": "CONFIRM", "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200109 [SECURITY] [DSA 4600-1] firefox-esr security update", + "url": "https://seclists.org/bugtraq/2020/Jan/12" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html" } ] }, diff --git a/2019/19xxx/CVE-2019-19494.json b/2019/19xxx/CVE-2019-19494.json index 7f5d134407a..c481c9a89d8 100644 --- a/2019/19xxx/CVE-2019-19494.json +++ b/2019/19xxx/CVE-2019-19494.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19494", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19494", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.broadcom.com", + "refsource": "MISC", + "name": "https://www.broadcom.com" + }, + { + "refsource": "MISC", + "name": "https://cablehaunt.com", + "url": "https://cablehaunt.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/Lyrebirds/Fast8690-exploit", + "url": "https://github.com/Lyrebirds/Fast8690-exploit" + }, + { + "refsource": "MISC", + "name": "https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf", + "url": "https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf" } ] } diff --git a/2020/5xxx/CVE-2020-5308.json b/2020/5xxx/CVE-2020-5308.json index 78d948982dd..0c73017f387 100644 --- a/2020/5xxx/CVE-2020-5308.json +++ b/2020/5xxx/CVE-2020-5308.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5308", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5308", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/", + "refsource": "MISC", + "name": "https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155861/Dairy-Farm-Shop-Management-System-1.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155861/Dairy-Farm-Shop-Management-System-1.0-Cross-Site-Scripting.html" } ] }