"-Synchronized-Data."

2019/15xxx/CVE-2019-15635.json

@@ -52,11 +52,6 @@
     },
     "references": {
         "reference_data": [
-            {
-                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/",
-                "refsource": "MISC",
-                "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/"
-            },
             {
                 "refsource": "MISC",
                 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167244",

2019/6xxx/CVE-2019-6989.json

@@ -53,9 +53,14 @@
     "references": {
         "reference_data": [
             {
-                "url": "https://exchange.xforce.ibmcloud.com",
+                "refsource": "EXPLOIT-DB",
+                "name": "46678",
+                "url": "https://www.exploit-db.com/exploits/46678/"
+            },
+            {
                 "refsource": "MISC",
-                "name": "https://exchange.xforce.ibmcloud.com"
+                "name": "http://packetstormsecurity.com/files/152458/TP-LINK-TL-WR940N-TL-WR941ND-Buffer-Overflow.html",
+                "url": "http://packetstormsecurity.com/files/152458/TP-LINK-TL-WR940N-TL-WR941ND-Buffer-Overflow.html"
             }
         ]
     }

2020/13xxx/CVE-2020-13844.json

@@ -1,17 +1,81 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2020-13844",
         "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2020-13844",
+        "STATE": "PUBLIC"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\""
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
+                "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
+                "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
+                "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
+                "url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
+                "url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html"
             }
         ]
     }

2020/4xxx/CVE-2020-4040.json

@@ -35,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.\n\nThis has been fixed in Bolt 3.7.1"
+                "value": "Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1"
             }
         ]
     },

2020/4xxx/CVE-2020-4041.json

@@ -35,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. \n\nAdditionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented.\n\nThis is fixed in Bolt 3.7.1."
+                "value": "In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1."
             }
         ]
     },
@@ -69,11 +69,6 @@
     },
     "references": {
         "reference_data": [
-            {
-                "name": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j",
-                "refsource": "CONFIRM",
-                "url": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j"
-            },
             {
                 "name": "https://github.com/bolt/bolt/pull/7853",
                 "refsource": "MISC",
@@ -83,6 +78,11 @@
                 "name": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f",
                 "refsource": "MISC",
                 "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f"
+            },
+            {
+                "name": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j"
             }
         ]
     },