From d629f138d6e5f631ae201c45a281d3266d482e5f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 7 Apr 2020 19:01:15 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2012/6xxx/CVE-2012-6107.json | 5 +++
 2018/20xxx/CVE-2018-20405.json | 2 +-
 2019/16xxx/CVE-2019-16775.json | 2 +-
 2019/16xxx/CVE-2019-16776.json | 2 +-
 2020/11xxx/CVE-2020-11508.json | 56 ++++++++++++++++++++++++++++++----
 2020/11xxx/CVE-2020-11509.json | 56 ++++++++++++++++++++++++++++++----
 2020/11xxx/CVE-2020-11613.json | 18 +++++++++++
 2020/11xxx/CVE-2020-11614.json | 18 +++++++++++
 2020/11xxx/CVE-2020-11615.json | 18 +++++++++++
 2020/11xxx/CVE-2020-11616.json | 18 +++++++++++
 2020/6xxx/CVE-2020-6647.json | 50 ++++++++++++++++++++++++++++--
 2020/9xxx/CVE-2020-9286.json | 50 ++++++++++++++++++++++++++++--
 12 files changed, 274 insertions(+), 21 deletions(-)
 create mode 100644 2020/11xxx/CVE-2020-11613.json
 create mode 100644 2020/11xxx/CVE-2020-11614.json
 create mode 100644 2020/11xxx/CVE-2020-11615.json
 create mode 100644 2020/11xxx/CVE-2020-11616.json
diff --git a/2012/6xxx/CVE-2012-6107.json b/2012/6xxx/CVE-2012-6107.json
index 71ef36a026f..9f18f65598d 100644
--- a/2012/6xxx/CVE-2012-6107.json
+++ b/2012/6xxx/CVE-2012-6107.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[axis-c-dev] 20200128 [jira] [Comment Edited] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation",
 "url": "https://lists.apache.org/thread.html/rfaf85467328c125126e2607196a7fb9510a9f9513dadf6d954b4af0c@%3Cc-dev.axis.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[axis-c-dev] 20200407 [jira] [Updated] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation",
+ "url": "https://lists.apache.org/thread.html/r469d2a5b453c95fc8335f581422a5e7ae4d31f10d22650fb85abfc2d@%3Cc-dev.axis.apache.org%3E"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20405.json b/2018/20xxx/CVE-2018-20405.json
index 9e227c1e24e..12701865c0d 100644
--- a/2018/20xxx/CVE-2018-20405.json
+++ b/2018/20xxx/CVE-2018-20405.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error."
+ "value": "** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: \"The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP.\""
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json
index 6a0d383c122..551858b0d4a 100644
--- a/2019/16xxx/CVE-2019-16775.json
+++ b/2019/16xxx/CVE-2019-16775.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option."
+ "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option."
 }
 ]
 },
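Review bot: The dispute rationale quoted in the new `value` of CVE-2018-20405 argues that cross site scripting is not an issue, while the finding it is attached to is a full path disclosure, so a reader cannot tell from the record alone whether the dispute addresses this finding. No source for the quoted reasoning is visible in this hunk (the references section lies outside it); adding a `reference_data` entry that points to where the dispute was raised would let consumers verify it. For triage, the quoted precondition, developer-level access to the CMS, is the part to weigh against who actually holds that role in a given deployment.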
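Review bot: The rewritten CVE-2019-16775 `value` still carries the fused token `thenode_modules`, because the change only replaces the `\u2019` escape with an ASCII apostrophe. The phrase should read `outside of the node_modules folder`, matching the wording in CVE-2019-16776, so that text searches for `node_modules` across both records behave the same way.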
diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json
index 4e8d996fb68..59f8886172b 100644
--- a/2019/16xxx/CVE-2019-16776.json
+++ b/2019/16xxx/CVE-2019-16776.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user\u2019s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option."
+ "value": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option."
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11508.json b/2020/11xxx/CVE-2020-11508.json
index e07ca95c804..07fe0408009 100644
--- a/2020/11xxx/CVE-2020-11508.json
+++ b/2020/11xxx/CVE-2020-11508.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11508",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11508",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/",
+ "url": "https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11509.json b/2020/11xxx/CVE-2020-11509.json
index 4751f51e133..11caa733fd8 100644
--- a/2020/11xxx/CVE-2020-11509.json
+++ b/2020/11xxx/CVE-2020-11509.json
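Review bot: The published CVE-2020-11508 record leaves `product_name`, `version_value`, `vendor_name` and the `problemtype` value as `n/a`, although its description names the WP Lead Plus X plugin through 0.98 and an XSS weakness. Tooling that matches installed software against the `affects` tree, rather than parsing the free-text description, will not associate this CVE with the plugin. The CVE-2020-11509 hunk has the same placeholders. If the assigner's process allows structured values here, `"product_name": "WP Lead Plus X"`, a `version_value` expressing "through 0.98", and a problemtype of `CWE-79` would carry what the description already states; otherwise consumers have to key on the description text.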
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11509",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11509",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/",
+ "url": "https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11613.json b/2020/11xxx/CVE-2020-11613.json
new file mode 100644
index 00000000000..2652364534d
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11613.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11613",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11614.json b/2020/11xxx/CVE-2020-11614.json
new file mode 100644
index 00000000000..6d6de9f7ee4
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11614.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11614",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11615.json b/2020/11xxx/CVE-2020-11615.json
new file mode 100644
index 00000000000..52416b550a9
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11615.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11615",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11616.json b/2020/11xxx/CVE-2020-11616.json
new file mode 100644
index 00000000000..d5dbe080078
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11616.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11616",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6647.json b/2020/6xxx/CVE-2020-6647.json
index 26560eafaf8..4e2050c11ad 100644
--- a/2020/6xxx/CVE-2020-6647.json
+++ b/2020/6xxx/CVE-2020-6647.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6647",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiADC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiADC 5.4.0 and 5.3.x before 5.3.5."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-20-012",
+ "url": "https://fortiguard.com/psirt/FG-IR-20-012"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9286.json b/2020/9xxx/CVE-2020-9286.json
index 48547f562f6..3e72961651a 100644
--- a/2020/9xxx/CVE-2020-9286.json
+++ b/2020/9xxx/CVE-2020-9286.json
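Review bot: The `affects` tree in CVE-2020-6647 puts the vendor inside `product_name` (`Fortinet FortiADC`) while `vendor_name` is `n/a`, and `version_value` is a free-text sentence (`FortiADC 5.4.0 and 5.3.x before 5.3.5.`) that repeats the product name and ends in a period, so automated version matching has nothing it can compare against. CVE-2020-9286 follows the same pattern but uses `FortiADC` as the product name, which means the two records will not group under one product key. Proposed: `"vendor_name": "Fortinet"`, `"product_name": "FortiADC"` in both records, with each affected range as its own `version_data` entry. Separately, the problemtype `Execute unauthorized code or commands` reads as an impact statement; the description names cross site scripting, so a weakness identifier such as `CWE-79` would classify it more precisely.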
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9286",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiADC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiADC 5.3.3 and earlier."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-20-013",
+ "url": "https://fortiguard.com/psirt/FG-IR-20-013"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system."
 }
 ]
 }