diff --git a/2011/3xxx/CVE-2011-3269.json b/2011/3xxx/CVE-2011-3269.json
index 4252265b467..9c18e39f0c8 100644
--- a/2011/3xxx/CVE-2011-3269.json
+++ b/2011/3xxx/CVE-2011-3269.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-3269",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://contentdelivery.lexmark.com/webcontent/Email_shortcut_vulnerability.pdf",
+ "refsource": "MISC",
+ "name": "http://contentdelivery.lexmark.com/webcontent/Email_shortcut_vulnerability.pdf"
 }
 ]
 }
diff --git a/2011/4xxx/CVE-2011-4538.json b/2011/4xxx/CVE-2011-4538.json
index 435ca2c1351..b48feb01db0 100644
--- a/2011/4xxx/CVE-2011-4538.json
+++ b/2011/4xxx/CVE-2011-4538.json
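Review bot: The added `affects` block in the first CVE-2011-3269 hunk publishes `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description added in the following hunk names Lexmark device families and a cut-off date. Consumers that match records to assets through the structured fields rather than the free text will likely not associate this CVE with Lexmark hardware. I would fill at least the vendor, e.g. `"vendor_name": "Lexmark"`, and carry the "before 2011-11-15" bound into `version_value`. The same all-`n/a` block appears in the other records this commit publishes (CVE-2011-4538, CVE-2016-1487, CVE-2019-19614, CVE-2020-10190 to CVE-2020-10192, CVE-2020-10244, CVE-2020-10246 to CVE-2020-10250, CVE-2020-9758).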
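Review bot: `problemtype` is published as `"value": "n/a"` in the second CVE-2011-3269 hunk even though the new description states the impact, so the weakness class is not machine-readable. Where a description in this commit already names the class, a CWE identifier could be given instead, for example `"value": "CWE-89"` for the SQL injection in CVE-2020-10190, `"value": "CWE-79"` for the XSS records CVE-2020-10191, CVE-2020-10192, CVE-2020-10246 and CVE-2020-10247, and `"value": "CWE-78"` for the OS command injection in CVE-2020-10250. For this Lexmark record the class is less obvious from the text and is best chosen by the assigner. The enclosing `description` object opens outside the hunk.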
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-4538",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://contentdelivery.lexmark.com/webcontent/CVE-2011-4538.pdf",
+ "refsource": "MISC",
+ "name": "http://contentdelivery.lexmark.com/webcontent/CVE-2011-4538.pdf"
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2165.json b/2013/2xxx/CVE-2013-2165.json
index c7d72627895..fb66ff79f09 100644
--- a/2013/2xxx/CVE-2013-2165.json
+++ b/2013/2xxx/CVE-2013-2165.json
@@ -96,6 +96,11 @@
 "name": "RHSA-2013:1042",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
+ "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
 }
 ]
 }
diff --git a/2015/0xxx/CVE-2015-0279.json b/2015/0xxx/CVE-2015-0279.json
index e35158bdf1b..f067429737b 100644
--- a/2015/0xxx/CVE-2015-0279.json
+++ b/2015/0xxx/CVE-2015-0279.json
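Review bot: The reference added in the CVE-2013-2165 hunk uses a cleartext `http://` URL, and its `name` only repeats that URL. If the site serves the same path over TLS, which seems likely but is not shown here, prefer `"url": "https://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"` so that readers following the link from the record are not exposed to tampering in transit. The same entry is added to CVE-2015-0279 and CVE-2018-14667, and the other packetstormsecurity.com references in this commit (CVE-2019-1458, CVE-2020-10110 to CVE-2020-10112, CVE-2020-3843, CVE-2020-8597, CVE-2020-9364) use `http://` as well. The `reference_data` array starts outside the hunk.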
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/153734/Tufin-Secure-Change-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
+ "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
 }
 ]
 }
diff --git a/2016/1xxx/CVE-2016-1487.json b/2016/1xxx/CVE-2016-1487.json
index d7618680485..12bc669d8b2 100644
--- a/2016/1xxx/CVE-2016-1487.json
+++ b/2016/1xxx/CVE-2016-1487.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2016-1487",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://support.lexmark.com/index?page=content&id=TE747&locale=EN&userlocale=EN_US",
+ "refsource": "MISC",
+ "name": "http://support.lexmark.com/index?page=content&id=TE747&locale=EN&userlocale=EN_US"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14667.json b/2018/14xxx/CVE-2018-14667.json
index 23b0362ce40..85809527f43 100644
--- a/2018/14xxx/CVE-2018-14667.json
+++ b/2018/14xxx/CVE-2018-14667.json
@@ -91,6 +91,11 @@
 "name": "1042037",
 "refsource": "SECTRACK",
 "url": "http://www.securitytracker.com/id/1042037"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
+ "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19614.json b/2019/19xxx/CVE-2019-19614.json
index 944d6ed4091..626e8289a97 100644
--- a/2019/19xxx/CVE-2019-19614.json
+++ b/2019/19xxx/CVE-2019-19614.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19614",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19614",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://excellium-services.com/cert-xlm-advisory/",
+ "refsource": "MISC",
+ "name": "https://excellium-services.com/cert-xlm-advisory/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19614/",
+ "url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19614/"
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1458.json b/2019/1xxx/CVE-2019-1458.json
index 5887e020f6e..0d546e5fee9 100644
--- a/2019/1xxx/CVE-2019-1458.json
+++ b/2019/1xxx/CVE-2019-1458.json
@@ -129,6 +129,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10110.json b/2020/10xxx/CVE-2020-10110.json
index 543fc03fedc..757b35531ed 100644
--- a/2020/10xxx/CVE-2020-10110.json
+++ b/2020/10xxx/CVE-2020-10110.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://seclists.org/fulldisclosure/2020/Mar/7",
 "url": "https://seclists.org/fulldisclosure/2020/Mar/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10111.json b/2020/10xxx/CVE-2020-10111.json
index bd61e93fef9..3690a5fc77a 100644
--- a/2020/10xxx/CVE-2020-10111.json
+++ b/2020/10xxx/CVE-2020-10111.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2020/Mar/11",
 "url": "http://seclists.org/fulldisclosure/2020/Mar/11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10112.json b/2020/10xxx/CVE-2020-10112.json
index a667c42e080..23e9b9c1d47 100644
--- a/2020/10xxx/CVE-2020-10112.json
+++ b/2020/10xxx/CVE-2020-10112.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2020/Mar/8",
 "url": "http://seclists.org/fulldisclosure/2020/Mar/8"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html",
+ "url": "http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10190.json b/2020/10xxx/CVE-2020-10190.json
index f6f288ae58d..48991f2bf2f 100644
--- a/2020/10xxx/CVE-2020-10190.json
+++ b/2020/10xxx/CVE-2020-10190.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10190",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10190",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/munkireport/munkireport-php/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/munkireport/munkireport-php/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-SQL-injection",
+ "url": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-SQL-injection"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10191.json b/2020/10xxx/CVE-2020-10191.json
index ad1c70713d7..bbb2e444a7b 100644
--- a/2020/10xxx/CVE-2020-10191.json
+++ b/2020/10xxx/CVE-2020-10191.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10191",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10191",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/munkireport/munkireport-php/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/munkireport/munkireport-php/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-Comment-XSS",
+ "url": "https://github.com/munkireport/munkireport-php/wiki/20200309-Authenticated-Comment-XSS"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10192.json b/2020/10xxx/CVE-2020-10192.json
index c2ba394728d..43ca6e6500d 100644
--- a/2020/10xxx/CVE-2020-10192.json
+++ b/2020/10xxx/CVE-2020-10192.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10192",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10192",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/munkireport/munkireport-php/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/munkireport/munkireport-php/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/munkireport/munkireport-php/wiki/20200309-XSS-vulnerability",
+ "url": "https://github.com/munkireport/munkireport-php/wiki/20200309-XSS-vulnerability"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10244.json b/2020/10xxx/CVE-2020-10244.json
new file mode 100644
index 00000000000..ec8ee4e126e
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10244.json
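Review bot: The description added for CVE-2020-10192 spells the product "Munkireport" and gives the bound "before 5.3.0.3923", while the sibling records CVE-2020-10190 and CVE-2020-10191 in this commit say "MunkiReport before 5.3.0" and all three cite the same releases page. Whether 5.3.0 and 5.3.0.3923 denote the same release cannot be told from the diff, so the version bound is worth confirming with the assigner. The casing at least should match so that text searches for the product find all three records, i.e. the value would begin `"An issue was discovered in MunkiReport before 5.3.0.3923.` with the rest of the sentence unchanged.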
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10244",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "JPaseto before 0.3.0 generates weak hashes when using v2.local tokens."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/paseto-toolkit/jpaseto/releases/tag/jpaseto-0.3.0",
+ "url": "https://github.com/paseto-toolkit/jpaseto/releases/tag/jpaseto-0.3.0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10245.json b/2020/10xxx/CVE-2020-10245.json
new file mode 100644
index 00000000000..4e3088aa87f
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10245.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10245",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10246.json b/2020/10xxx/CVE-2020-10246.json
new file mode 100644
index 00000000000..810ff7cdd04
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10246.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10246",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10247.json b/2020/10xxx/CVE-2020-10247.json
new file mode 100644
index 00000000000..07694e547ac
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10247.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10247",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10248.json b/2020/10xxx/CVE-2020-10248.json
new file mode 100644
index 00000000000..a30335e0a3f
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10248.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10248",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10249.json b/2020/10xxx/CVE-2020-10249.json
new file mode 100644
index 00000000000..a8a17f21d0d
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10249.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10249",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10250.json b/2020/10xxx/CVE-2020-10250.json
new file mode 100644
index 00000000000..3909462c2d6
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10250.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10250",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html",
+ "refsource": "MISC",
+ "name": "https://sku11army.blogspot.com/2020/03/bwa-multiple-vulnerabilities-in-direx.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3843.json b/2020/3xxx/CVE-2020-3843.json
index 1d1bd595703..8d8d82307c8 100644
--- a/2020/3xxx/CVE-2020-3843.json
+++ b/2020/3xxx/CVE-2020-3843.json
@@ -49,6 +49,11 @@
 "url": "https://support.apple.com/HT210919",
 "refsource": "MISC",
 "name": "https://support.apple.com/HT210919"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156664/iOS-macOS-AWDL-Heap-Corruption-Bounds-Checking.html",
+ "url": "http://packetstormsecurity.com/files/156664/iOS-macOS-AWDL-Heap-Corruption-Bounds-Checking.html"
 }
 ]
 },
diff --git a/2020/8xxx/CVE-2020-8597.json b/2020/8xxx/CVE-2020-8597.json
index a5179c4c3e1..b9fb117c0ef 100644
--- a/2020/8xxx/CVE-2020-8597.json
+++ b/2020/8xxx/CVE-2020-8597.json
@@ -111,6 +111,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-571091c70b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNJNHWOO4XF73M2W56ILZUY4JQG3JXIR/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-Buffer-Overflow.html"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9364.json b/2020/9xxx/CVE-2020-9364.json
index 47788057346..71b4d7f5c06 100644
--- a/2020/9xxx/CVE-2020-9364.json
+++ b/2020/9xxx/CVE-2020-9364.json
@@ -66,6 +66,11 @@
 "refsource": "FULLDISC",
 "name": "20200306 [AIT-SA-20200301-01] CVE-2020-9364: Directory Traversal in Creative Contact Form",
 "url": "http://seclists.org/fulldisclosure/2020/Mar/13"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.html"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9758.json b/2020/9xxx/CVE-2020-9758.json
index 99f006df25c..fbcc891822e 100644
--- a/2020/9xxx/CVE-2020-9758.json
+++ b/2020/9xxx/CVE-2020-9758.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9758",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9758",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ari034/CVE-2020-9758",
+ "url": "https://github.com/ari034/CVE-2020-9758"
 }
 ]
 }