diff --git a/2020/12xxx/CVE-2020-12777.json b/2020/12xxx/CVE-2020-12777.json index 44565c63de9..fbc80dd2850 100644 --- a/2020/12xxx/CVE-2020-12777.json +++ b/2020/12xxx/CVE-2020-12777.json @@ -80,6 +80,11 @@ "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3833-46ae7-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-3833-46ae7-1.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-88fq-r22m-64q2", + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-88fq-r22m-64q2" } ] }, diff --git a/2020/12xxx/CVE-2020-12778.json b/2020/12xxx/CVE-2020-12778.json index bbe505031d3..40309cc7eda 100644 --- a/2020/12xxx/CVE-2020-12778.json +++ b/2020/12xxx/CVE-2020-12778.json @@ -80,6 +80,11 @@ "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv", + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv" } ] }, diff --git a/2020/12xxx/CVE-2020-12779.json b/2020/12xxx/CVE-2020-12779.json index 0e057bc31a4..49079c4421b 100644 --- a/2020/12xxx/CVE-2020-12779.json +++ b/2020/12xxx/CVE-2020-12779.json @@ -80,6 +80,11 @@ "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3835-e8e8f-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-3835-e8e8f-1.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-qqrf-j8qv-g247", + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-qqrf-j8qv-g247" } ] }, diff --git a/2020/12xxx/CVE-2020-12780.json b/2020/12xxx/CVE-2020-12780.json index b5fad028517..431b751f612 100644 --- a/2020/12xxx/CVE-2020-12780.json +++ b/2020/12xxx/CVE-2020-12780.json @@ -80,6 +80,11 @@ "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3836-47d6c-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-3836-47d6c-1.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-97cw-cjxc-9x78", + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-97cw-cjxc-9x78" } ] }, diff --git a/2020/12xxx/CVE-2020-12781.json b/2020/12xxx/CVE-2020-12781.json index 5bef7675e54..1ee7ee13905 100644 --- a/2020/12xxx/CVE-2020-12781.json +++ b/2020/12xxx/CVE-2020-12781.json @@ -80,6 +80,11 @@ "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v", + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v" } ] }, diff --git a/2020/22xxx/CVE-2020-22158.json b/2020/22xxx/CVE-2020-22158.json index 0df94cc843b..e76000e1a70 100644 --- a/2020/22xxx/CVE-2020-22158.json +++ b/2020/22xxx/CVE-2020-22158.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the \"path\" or \"Services+ID\" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the \"name\" parameter with the malicious code." + "value": "MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the \"path\" or \"Services+ID\" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the \"name\" parameter with the malicious code." } ] }, diff --git a/2020/25xxx/CVE-2020-25137.json b/2020/25xxx/CVE-2020-25137.json index 02f129941a8..32b37c282c5 100644 --- a/2020/25xxx/CVE-2020-25137.json +++ b/2020/25xxx/CVE-2020-25137.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25137", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25137", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8", + "url": "https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8" } ] } diff --git a/2020/25xxx/CVE-2020-25138.json b/2020/25xxx/CVE-2020-25138.json index c4ba5d458f7..d4d909fd1e1 100644 --- a/2020/25xxx/CVE-2020-25138.json +++ b/2020/25xxx/CVE-2020-25138.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25138", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25138", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/mariuszpoplawski/bfb6dea73586dbb668d280d412ecb6d8", + "url": "https://gist.github.com/mariuszpoplawski/bfb6dea73586dbb668d280d412ecb6d8" } ] } diff --git a/2020/25xxx/CVE-2020-25139.json b/2020/25xxx/CVE-2020-25139.json index 3981d322038..deeb65f3e9d 100644 --- a/2020/25xxx/CVE-2020-25139.json +++ b/2020/25xxx/CVE-2020-25139.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25139", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25139", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/mariuszpoplawski/1e7526027aec7a89e78950e5e57d007d", + "url": "https://gist.github.com/mariuszpoplawski/1e7526027aec7a89e78950e5e57d007d" } ] } diff --git a/2020/25xxx/CVE-2020-25140.json b/2020/25xxx/CVE-2020-25140.json index 28637675e9f..ee4500e6749 100644 --- a/2020/25xxx/CVE-2020-25140.json +++ b/2020/25xxx/CVE-2020-25140.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25140", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25140", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.observium.org/changelog/", + "refsource": "MISC", + "name": "https://docs.observium.org/changelog/" } ] }