diff --git a/2019/15xxx/CVE-2019-15635.json b/2019/15xxx/CVE-2019-15635.json
index 3f77320b93d..51332ae23ea 100644
--- a/2019/15xxx/CVE-2019-15635.json
+++ b/2019/15xxx/CVE-2019-15635.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/",
- "refsource": "MISC",
- "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/"
- },
 {
 "refsource": "MISC",
 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167244",
diff --git a/2019/6xxx/CVE-2019-6989.json b/2019/6xxx/CVE-2019-6989.json
index 411a463a9fb..388c90cb784 100644
--- a/2019/6xxx/CVE-2019-6989.json
+++ b/2019/6xxx/CVE-2019-6989.json
@@ -53,9 +53,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://exchange.xforce.ibmcloud.com",
+ "refsource": "EXPLOIT-DB",
+ "name": "46678",
+ "url": "https://www.exploit-db.com/exploits/46678/"
+ },
+ {
 "refsource": "MISC",
- "name": "https://exchange.xforce.ibmcloud.com"
+ "name": "http://packetstormsecurity.com/files/152458/TP-LINK-TL-WR940N-TL-WR941ND-Buffer-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/152458/TP-LINK-TL-WR940N-TL-WR941ND-Buffer-Overflow.html"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13844.json b/2020/13xxx/CVE-2020-13844.json
index d07c28ffa01..b2cf8ff16e3 100644
--- a/2020/13xxx/CVE-2020-13844.json
+++ b/2020/13xxx/CVE-2020-13844.json
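Review bot: After this change the `reference_data` array in CVE-2019-6989.json, as far as the hunk shows, holds only an `EXPLOIT-DB` entry and a Packet Storm `MISC` entry, so the record points at published exploit write-ups but gives a defender no vendor advisory or fixed-firmware reference. If the vendor has published one, add it as a `CONFIRM` entry alongside these two. The Packet Storm link is also recorded with `http://` in both `name` and `url`; prefer the `https://` form if the site serves it, so the reference is not followed over cleartext.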
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13844",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13844",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
+ "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
+ "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
+ "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
+ "url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
+ "url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html"
 }
 ]
 }
diff --git a/2020/4xxx/CVE-2020-4040.json b/2020/4xxx/CVE-2020-4040.json
index d6a90d9ce26..a9abbe54407 100644
--- a/2020/4xxx/CVE-2020-4040.json
+++ b/2020/4xxx/CVE-2020-4040.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.\n\nThis has been fixed in Bolt 3.7.1"
+ "value": "Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1"
 }
 ]
 },
diff --git a/2020/4xxx/CVE-2020-4041.json b/2020/4xxx/CVE-2020-4041.json
index 0cde5e322b9..7be6a329e8a 100644
--- a/2020/4xxx/CVE-2020-4041.json
+++ b/2020/4xxx/CVE-2020-4041.json
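Review bot: In CVE-2020-13844.json the record is moved to `PUBLIC` with `vendor_name`, `product_name`, `version_value` and the `problemtype` value all left as `n/a`, although the description added in the same hunk names Arm Armv8-A core implementations and an information disclosure via side-channel analysis. Tooling that matches records on vendor/product or on weakness class will not surface this entry, so consider `"vendor_name": "Arm"` with a product name taken from the Arm advisory, and a `problemtype` value naming the information-exposure weakness (the exact CWE ID should be confirmed against the advisory). The `downloads/straight-line-speculation` reference is tagged `MISC` while the other two developer.arm.com links are `CONFIRM`, which looks inconsistent, and the llvm-dev link is recorded with `http://`.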
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. \n\nAdditionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented.\n\nThis is fixed in Bolt 3.7.1."
+ "value": "In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1."
 }
 ]
 },
@@ -69,11 +69,6 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j",
- "refsource": "CONFIRM",
- "url": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j"
- },
 {
 "name": "https://github.com/bolt/bolt/pull/7853",
 "refsource": "MISC",
@@ -83,6 +78,11 @@
 "name": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f",
 "refsource": "MISC",
 "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f"
+ },
+ {
+ "name": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j"
 }
 ]
 },