diff --git a/2015/8xxx/CVE-2015-8606.json b/2015/8xxx/CVE-2015-8606.json
index 36a9b5fcb07..b9313fb7ac8 100644
--- a/2015/8xxx/CVE-2015-8606.json
+++ b/2015/8xxx/CVE-2015-8606.json
@@ -76,6 +76,11 @@
 "name": "20151213 SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability",
 "refsource": "FULLDISC",
 "url": "http://seclists.org/fulldisclosure/2015/Dec/55"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8766.json b/2015/8xxx/CVE-2015-8766.json
index a38ef7bf2f2..344999461cb 100644
--- a/2015/8xxx/CVE-2015-8766.json
+++ b/2015/8xxx/CVE-2015-8766.json
@@ -66,6 +66,11 @@
 "name": "20151213 Symphony 2.6.3 \u00c3\u00a2\u00e2\u0082\u00ac\u00e2\u0080\u009c Multiple Persistent Cross-Site Scripting Vulnerabilities",
 "refsource": "FULLDISC",
 "url": "http://seclists.org/fulldisclosure/2015/Dec/60"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9228.json b/2015/9xxx/CVE-2015-9228.json
index d624b112acc..af465f06f36 100644
--- a/2015/9xxx/CVE-2015-9228.json
+++ b/2015/9xxx/CVE-2015-9228.json
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "https://wpvulndb.com/vulnerabilities/9758",
 "url": "https://wpvulndb.com/vulnerabilities/9758"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9229.json b/2015/9xxx/CVE-2015-9229.json
index f532f9cb148..db11b5b66a5 100644
--- a/2015/9xxx/CVE-2015-9229.json
+++ b/2015/9xxx/CVE-2015-9229.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/5",
 "refsource": "MISC",
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9229-nextgen-gallery.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9229-nextgen-gallery.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9230.json b/2015/9xxx/CVE-2015-9230.json
index 61c3bf52dd1..1f6a1bf4ed3 100644
--- a/2015/9xxx/CVE-2015-9230.json
+++ b/2015/9xxx/CVE-2015-9230.json
@@ -81,6 +81,11 @@
 "name": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html",
 "refsource": "MISC",
 "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9260.json b/2015/9xxx/CVE-2015-9260.json
index c74badd42b9..5b4003fbf62 100644
--- a/2015/9xxx/CVE-2015-9260.json
+++ b/2015/9xxx/CVE-2015-9260.json
@@ -66,6 +66,11 @@
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/8",
 "refsource": "MISC",
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9410.json b/2015/9xxx/CVE-2015-9410.json
index c72a09857c7..00d2e46e084 100644
--- a/2015/9xxx/CVE-2015-9410.json
+++ b/2015/9xxx/CVE-2015-9410.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/7",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9537.json b/2015/9xxx/CVE-2015-9537.json
index 85c2dd48b8e..a30ab45678c 100644
--- a/2015/9xxx/CVE-2015-9537.json
+++ b/2015/9xxx/CVE-2015-9537.json
@@ -66,6 +66,11 @@
 "url": "https://www.openwall.com/lists/oss-security/2015/10/27/4",
 "refsource": "MISC",
 "name": "https://www.openwall.com/lists/oss-security/2015/10/27/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9538.json b/2015/9xxx/CVE-2015-9538.json
index d6c95d5170b..9ba80104fc2 100644
--- a/2015/9xxx/CVE-2015-9538.json
+++ b/2015/9xxx/CVE-2015-9538.json
@@ -81,6 +81,11 @@
 "url": "https://www.openwall.com/lists/oss-security/2015/09/01/7",
 "refsource": "MISC",
 "name": "https://www.openwall.com/lists/oss-security/2015/09/01/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9539.json b/2015/9xxx/CVE-2015-9539.json
index aa17ff3ea44..0ccd1c5debc 100644
--- a/2015/9xxx/CVE-2015-9539.json
+++ b/2015/9xxx/CVE-2015-9539.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/amansaini/fast-secure-contact-form",
 "refsource": "MISC",
 "name": "https://github.com/amansaini/fast-secure-contact-form"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9539-fastsecure.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9539-fastsecure.html"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9549.json b/2015/9xxx/CVE-2015-9549.json
index 074a252009c..47f1d0b23c4 100644
--- a/2015/9xxx/CVE-2015-9549.json
+++ b/2015/9xxx/CVE-2015-9549.json
@@ -61,6 +61,11 @@
 "url": "https://www.openwall.com/lists/oss-security/2015/12/19/2",
 "refsource": "MISC",
 "name": "https://www.openwall.com/lists/oss-security/2015/12/19/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2015-9549-ocportal.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2015-9549-ocportal.html"
 }
 ]
 }
diff --git a/2016/11xxx/CVE-2016-11014.json b/2016/11xxx/CVE-2016-11014.json
index 6d9ebc08d81..e9d45fa58b7 100644
--- a/2016/11xxx/CVE-2016-11014.json
+++ b/2016/11xxx/CVE-2016-11014.json
@@ -71,6 +71,11 @@
 "url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html",
 "refsource": "MISC",
 "name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html"
 }
 ]
 }
diff --git a/2016/11xxx/CVE-2016-11015.json b/2016/11xxx/CVE-2016-11015.json
index b1e764831b4..400cad9bf5f 100644
--- a/2016/11xxx/CVE-2016-11015.json
+++ b/2016/11xxx/CVE-2016-11015.json
@@ -71,6 +71,11 @@
 "url": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/",
 "refsource": "MISC",
 "name": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2016-11015-netgear.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2016-11015-netgear.html"
 }
 ]
 }
diff --git a/2016/11xxx/CVE-2016-11016.json b/2016/11xxx/CVE-2016-11016.json
index a8e7bb5ff30..10964e1eb6e 100644
--- a/2016/11xxx/CVE-2016-11016.json
+++ b/2016/11xxx/CVE-2016-11016.json
@@ -76,6 +76,11 @@
 "url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html",
 "refsource": "MISC",
 "name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2016-11016-netgear.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2016-11016-netgear.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14245.json b/2017/14xxx/CVE-2017-14245.json
index 0d1eacb9721..e7a459ae73c 100644
--- a/2017/14xxx/CVE-2017-14245.json
+++ b/2017/14xxx/CVE-2017-14245.json
@@ -71,6 +71,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-65",
 "url": "https://security.gentoo.org/glsa/202007-65"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14246.json b/2017/14xxx/CVE-2017-14246.json
index b331c6ea1ac..728b67b8989 100644
--- a/2017/14xxx/CVE-2017-14246.json
+++ b/2017/14xxx/CVE-2017-14246.json
@@ -71,6 +71,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-65",
 "url": "https://security.gentoo.org/glsa/202007-65"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14530.json b/2017/14xxx/CVE-2017-14530.json
index cb78b09cefe..f8c3eea7ad4 100644
--- a/2017/14xxx/CVE-2017-14530.json
+++ b/2017/14xxx/CVE-2017-14530.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/9",
 "refsource": "MISC",
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/9"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2017-14530-crony.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2017-14530-crony.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14634.json b/2017/14xxx/CVE-2017-14634.json
index 6df03c802e3..fe74b260281 100644
--- a/2017/14xxx/CVE-2017-14634.json
+++ b/2017/14xxx/CVE-2017-14634.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14651.json b/2017/14xxx/CVE-2017-14651.json
index cf316525daf..564a680d9a4 100644
--- a/2017/14xxx/CVE-2017-14651.json
+++ b/2017/14xxx/CVE-2017-14651.json
@@ -61,6 +61,11 @@
 "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265",
 "refsource": "MISC",
 "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6892.json b/2017/6xxx/CVE-2017-6892.json
index bfae48e5d0a..a05b3a4c9d2 100644
--- a/2017/6xxx/CVE-2017-6892.json
+++ b/2017/6xxx/CVE-2017-6892.json
@@ -76,6 +76,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18809.json b/2018/18xxx/CVE-2018-18809.json
index fd29bde83fc..3b5b7e25463 100644
--- a/2018/18xxx/CVE-2018-18809.json
+++ b/2018/18xxx/CVE-2018-18809.json
@@ -227,6 +227,11 @@
 "refsource": "MISC",
 "name": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html",
 "url": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html"
 }
 ]
 },
diff --git a/2018/19xxx/CVE-2018-19661.json b/2018/19xxx/CVE-2018-19661.json
index eedab28fde9..8514768169a 100644
--- a/2018/19xxx/CVE-2018-19661.json
+++ b/2018/19xxx/CVE-2018-19661.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19662.json b/2018/19xxx/CVE-2018-19662.json
index 7e5c9139e98..4a1751e6b73 100644
--- a/2018/19xxx/CVE-2018-19662.json
+++ b/2018/19xxx/CVE-2018-19662.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19758.json b/2018/19xxx/CVE-2018-19758.json
index b04cbdd8cc8..e716d7901df 100644
--- a/2018/19xxx/CVE-2018-19758.json
+++ b/2018/19xxx/CVE-2018-19758.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20432.json b/2018/20xxx/CVE-2018-20432.json
index f8d049f1eba..25e47c6b661 100644
--- a/2018/20xxx/CVE-2018-20432.json
+++ b/2018/20xxx/CVE-2018-20432.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109",
 "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5950.json b/2018/5xxx/CVE-2018-5950.json
index 03ef66528cc..f91bd21110b 100644
--- a/2018/5xxx/CVE-2018-5950.json
+++ b/2018/5xxx/CVE-2018-5950.json
@@ -91,6 +91,11 @@
 "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update",
 "refsource": "MLIST",
 "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11057.json b/2019/11xxx/CVE-2019-11057.json
index c90d3d635bb..0a45a22d0e1 100644
--- a/2019/11xxx/CVE-2019-11057.json
+++ b/2019/11xxx/CVE-2019-11057.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://medium.com/@mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c",
 "url": "https://medium.com/@mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11556.json b/2019/11xxx/CVE-2019-11556.json
index 1ac80a51fc8..62c199f3e95 100644
--- a/2019/11xxx/CVE-2019-11556.json
+++ b/2019/11xxx/CVE-2019-11556.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618",
 "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1765",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16728.json b/2019/16xxx/CVE-2019-16728.json
index c900155c41a..e20892c85c7 100644
--- a/2019/16xxx/CVE-2019-16728.json
+++ b/2019/16xxx/CVE-2019-16728.json
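Review bot: The reference added to CVE-2018-5950 points at `http://packetstormsecurity.com/...` in both `name` and `url`, although the CVE-2015-9230 record touched by this same commit already cites that host over `https://`. A link fetched over plain HTTP can be altered or redirected in transit, which matters for records that people and scanners follow to advisory and exploit write-ups, so I would store the TLS form: `"url": "https://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html"`, with `name` changed to match. The same applies to the packetstormsecurity.com reference added to CVE-2020-14882 and to the `http://lists.opensuse.org/...` references added to CVE-2019-11556 and CVE-2020-15190 through CVE-2020-15193, assuming that host serves the same paths over HTTPS.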
@@ -56,6 +56,11 @@
 "url": "https://research.securitum.com/dompurify-bypass-using-mxss/",
 "refsource": "MISC",
 "name": "https://research.securitum.com/dompurify-bypass-using-mxss/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19306.json b/2019/19xxx/CVE-2019-19306.json
index 61e984cf0a3..96897cd9276 100644
--- a/2019/19xxx/CVE-2019-19306.json
+++ b/2019/19xxx/CVE-2019-19306.json
@@ -66,6 +66,11 @@
 "url": "https://wordpress.org/plugins/zoho-crm-forms/#developers",
 "refsource": "MISC",
 "name": "https://wordpress.org/plugins/zoho-crm-forms/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-19306-zoho.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-19306-zoho.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20363.json b/2019/20xxx/CVE-2019-20363.json
index 59451614c83..46005e06c9c 100644
--- a/2019/20xxx/CVE-2019-20363.json
+++ b/2019/20xxx/CVE-2019-20363.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20363-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20363-openfire.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20364.json b/2019/20xxx/CVE-2019-20364.json
index 542bef49538..ce7d9eda741 100644
--- a/2019/20xxx/CVE-2019-20364.json
+++ b/2019/20xxx/CVE-2019-20364.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20364-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20364-openfire.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20365.json b/2019/20xxx/CVE-2019-20365.json
index ff164210afd..e2c6e88c503 100644
--- a/2019/20xxx/CVE-2019-20365.json
+++ b/2019/20xxx/CVE-2019-20365.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20365-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20365-openfire.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20366.json b/2019/20xxx/CVE-2019-20366.json
index ad02dba39f1..fb2b73daf5b 100644
--- a/2019/20xxx/CVE-2019-20366.json
+++ b/2019/20xxx/CVE-2019-20366.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20366-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20366-openfire.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20434.json b/2019/20xxx/CVE-2019-20434.json
index 98f504522cc..368c71505d8 100644
--- a/2019/20xxx/CVE-2019-20434.json
+++ b/2019/20xxx/CVE-2019-20434.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/17",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/17"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20434-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20434-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20435.json b/2019/20xxx/CVE-2019-20435.json
index c4d7f4672f4..d92c386b0c9 100644
--- a/2019/20xxx/CVE-2019-20435.json
+++ b/2019/20xxx/CVE-2019-20435.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/18",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/18"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20435-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20435-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20436.json b/2019/20xxx/CVE-2019-20436.json
index 48e9bf4e149..509ad709e19 100644
--- a/2019/20xxx/CVE-2019-20436.json
+++ b/2019/20xxx/CVE-2019-20436.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/19",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/19"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20437.json b/2019/20xxx/CVE-2019-20437.json
index dc7aac9b011..6f66f161b26 100644
--- a/2019/20xxx/CVE-2019-20437.json
+++ b/2019/20xxx/CVE-2019-20437.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/20",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/20"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20438.json b/2019/20xxx/CVE-2019-20438.json
index 7210c6c2d89..09c2e295336 100644
--- a/2019/20xxx/CVE-2019-20438.json
+++ b/2019/20xxx/CVE-2019-20438.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/22",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/22"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20438-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20438-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20439.json b/2019/20xxx/CVE-2019-20439.json
index 87a6fb80216..0e51f35cf8a 100644
--- a/2019/20xxx/CVE-2019-20439.json
+++ b/2019/20xxx/CVE-2019-20439.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/21",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/21"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20439-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20439-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20440.json b/2019/20xxx/CVE-2019-20440.json
index 61a0ce6d5db..f30ac0219b1 100644
--- a/2019/20xxx/CVE-2019-20440.json
+++ b/2019/20xxx/CVE-2019-20440.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/24",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/24"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20440-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20440-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20441.json b/2019/20xxx/CVE-2019-20441.json
index c741b495e74..b2d052ecbbe 100644
--- a/2019/20xxx/CVE-2019-20441.json
+++ b/2019/20xxx/CVE-2019-20441.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/23",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/23"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20441-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20441-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20442.json b/2019/20xxx/CVE-2019-20442.json
index 28f0297aa0b..9cf5a9e4c3d 100644
--- a/2019/20xxx/CVE-2019-20442.json
+++ b/2019/20xxx/CVE-2019-20442.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/25",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/25"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20442-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20442-wso2.html"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20443.json b/2019/20xxx/CVE-2019-20443.json
index 1797e791e15..b36bdb13811 100644
--- a/2019/20xxx/CVE-2019-20443.json
+++ b/2019/20xxx/CVE-2019-20443.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/cybersecurityworks/Disclosed/issues/26",
 "refsource": "MISC",
 "name": "https://github.com/cybersecurityworks/Disclosed/issues/26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20443-wso2.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20443-wso2.html"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3832.json b/2019/3xxx/CVE-2019-3832.json
index 65ba5729305..2023a3b1488 100644
--- a/2019/3xxx/CVE-2019-3832.json
+++ b/2019/3xxx/CVE-2019-3832.json
@@ -68,6 +68,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-65",
 "url": "https://security.gentoo.org/glsa/202007-65"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 },
diff --git a/2019/4xxx/CVE-2019-4547.json b/2019/4xxx/CVE-2019-4547.json
index bc3794e3f5e..b0fcc1e6451 100644
--- a/2019/4xxx/CVE-2019-4547.json
+++ b/2019/4xxx/CVE-2019-4547.json
@@ -1,18 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4547",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.",
+ "lang": "eng"
 }
 ]
- }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6356607",
+ "name": "https://www.ibm.com/support/pages/node/6356607",
+ "refsource": "CONFIRM",
+ "title": "IBM Security Bulletin 6356607 (Security Directory Server)"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949",
+ "name": "ibm-sds-cve20194547-info-disc (165949)",
+ "refsource": "XF",
+ "title": "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.4.0"
+ }
+ ]
+ },
+ "product_name": "Security Directory Server"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format": "MITRE",
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "PR": "N",
+ "SCORE": "5.300",
+ "AC": "L",
+ "A": "N",
+ "UI": "N",
+ "S": "U",
+ "I": "N",
+ "AV": "N",
+ "C": "L"
+ },
+ "TM": {
+ "RL": "O",
+ "E": "U",
+ "RC": "C"
+ }
+ }
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2020-10-28T00:00:00",
+ "ID": "CVE-2019-4547"
+ },
+ "data_type": "CVE"
 }
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4563.json b/2019/4xxx/CVE-2019-4563.json
index 053c09c1214..234f0330ed0 100644
--- a/2019/4xxx/CVE-2019-4563.json
+++ b/2019/4xxx/CVE-2019-4563.json
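Review bot: The `problemtype` published for CVE-2019-4547 is the free-text string `Obtain Information` with no CWE identifier, so tooling that groups or filters records by weakness class cannot place it. The description (an error message that includes sensitive information) reads like CWE-209, so `"value": "CWE-209"` would be the natural entry if IBM's bulletin agrees; the CVE-2019-4563 hunk that follows has the same gap, and its missing-secure-attribute description reads like CWE-614. In both records `"SCORE"` is written as a string (`"5.300"`, `"3.700"`), so a consumer has to parse it as a decimal before comparing it with a severity threshold. The CVE-2019-4547 file also still ends without a trailing newline.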
@@ -1,17 +1,89 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4563",
- "STATE": "RESERVED"
+ "references": {
+ "reference_data": [
+ {
+ "title": "IBM Security Bulletin 6356607 (Security Directory Server)",
+ "refsource": "CONFIRM",
+ "url": "https://www.ibm.com/support/pages/node/6356607",
+ "name": "https://www.ibm.com/support/pages/node/6356607"
+ },
+ {
+ "refsource": "XF",
+ "title": "X-Force Vulnerability Report",
+ "name": "ibm-sds-cve20194563-info-disc (166624)",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624"
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Security Directory Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624."
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "TM": {
+ "RC": "C",
+ "E": "U",
+ "RL": "O"
+ },
+ "BM": {
+ "I": "N",
+ "AV": "N",
+ "C": "L",
+ "A": "N",
+ "UI": "N",
+ "AC": "H",
+ "S": "U",
+ "PR": "N",
+ "SCORE": "3.700"
+ }
+ }
+ },
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "DATE_PUBLIC": "2020-10-28T00:00:00",
+ "STATE": "PUBLIC",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2019-4563"
+ },
+ "data_type": "CVE",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Obtain Information"
+ }
+ ]
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13957.json b/2020/13xxx/CVE-2020-13957.json
index 5b77f46c872..ea2b7c711ad 100644
--- a/2020/13xxx/CVE-2020-13957.json
+++ b/2020/13xxx/CVE-2020-13957.json
@@ -63,6 +63,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20201023-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20201023-0002/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20201029 [jira] [Commented] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented",
+ "url": "https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14323.json b/2020/14xxx/CVE-2020-14323.json
index 5eef6ad5dc9..249fde745c0 100644
--- a/2020/14xxx/CVE-2020-14323.json
+++ b/2020/14xxx/CVE-2020-14323.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14323",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samba",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All samba versions before 4.11.15, before 4.12.9 and before 4.13.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-170"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.samba.org/samba/security/CVE-2020-14323.html",
+ "url": "https://www.samba.org/samba/security/CVE-2020-14323.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14723.json b/2020/14xxx/CVE-2020-14723.json
index a8521dd1993..2cc9a41dce6 100644
--- a/2020/14xxx/CVE-2020-14723.json
+++ b/2020/14xxx/CVE-2020-14723.json
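Review bot: The `problemtype` added for CVE-2020-14323 is `CWE-170`, while the new description calls the flaw a null pointer dereference in Winbind; those are different weakness classes, and if the description is the accurate one the matching entry would be `"value": "CWE-476"`. It is worth checking against the Samba advisory referenced in the same hunk, since triage rules keyed on CWE will otherwise misfile this record. `vendor_name` is `"n/a"` although `product_name` is `Samba`, so vendor-keyed asset matching will miss it, and the samba.org advisory is tagged `"refsource": "MISC"` where a vendor-confirmation tag would normally be expected.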
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujul2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujul2020.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2020-14723-oracle.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2020-14723-oracle.html"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14882.json b/2020/14xxx/CVE-2020-14882.json
index 0ac78c260c1..495199dd693 100644
--- a/2020/14xxx/CVE-2020-14882.json
+++ b/2020/14xxx/CVE-2020-14882.json
@@ -80,6 +80,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15190.json b/2020/15xxx/CVE-2020-15190.json
index 4d75145f697..69b59e5bf80 100644
--- a/2020/15xxx/CVE-2020-15190.json
+++ b/2020/15xxx/CVE-2020-15190.json
@@ -103,6 +103,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15191.json b/2020/15xxx/CVE-2020-15191.json
index 2f8b4540f82..bdceab9a0ef 100644
--- a/2020/15xxx/CVE-2020-15191.json
+++ b/2020/15xxx/CVE-2020-15191.json
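Review bot: The references added for CVE-2020-14882 and CVE-2020-15190 point at `http://packetstormsecurity.com/...` and `http://lists.opensuse.org/...`, so anyone following them from the record fetches advisory content over plaintext, where it can be altered in transit. If those hosts serve the same paths over TLS (not verifiable from the diff), the `url` values should use `https://`, for example `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"`. The same openSUSE-SU-2020:1766 reference is added with the `http://` scheme in the CVE-2020-15191 through CVE-2020-15211 hunks that follow.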
@@ -94,6 +94,11 @@
 "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr",
 "refsource": "CONFIRM",
 "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15192.json b/2020/15xxx/CVE-2020-15192.json
index 8e92f95595e..e84ea5377e0 100644
--- a/2020/15xxx/CVE-2020-15192.json
+++ b/2020/15xxx/CVE-2020-15192.json
@@ -86,6 +86,11 @@
 "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv",
 "refsource": "CONFIRM",
 "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15193.json b/2020/15xxx/CVE-2020-15193.json
index eaf2acfcb23..2943e7e3b91 100644
--- a/2020/15xxx/CVE-2020-15193.json
+++ b/2020/15xxx/CVE-2020-15193.json
@@ -86,6 +86,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15194.json b/2020/15xxx/CVE-2020-15194.json
index 873e58949cf..c27861ebb39 100644
--- a/2020/15xxx/CVE-2020-15194.json
+++ b/2020/15xxx/CVE-2020-15194.json
@@ -103,6 +103,11 @@
 "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382",
 "refsource": "CONFIRM",
 "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15195.json b/2020/15xxx/CVE-2020-15195.json
index 27a1f76ae79..09764b50866 100644
--- a/2020/15xxx/CVE-2020-15195.json
+++ b/2020/15xxx/CVE-2020-15195.json
@@ -103,6 +103,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15202.json b/2020/15xxx/CVE-2020-15202.json
index 9d7f63c9d9d..8db71c4621f 100644
--- a/2020/15xxx/CVE-2020-15202.json
+++ b/2020/15xxx/CVE-2020-15202.json
@@ -108,6 +108,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15203.json b/2020/15xxx/CVE-2020-15203.json
index 421080960df..be6e4898340 100644
--- a/2020/15xxx/CVE-2020-15203.json
+++ b/2020/15xxx/CVE-2020-15203.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15204.json b/2020/15xxx/CVE-2020-15204.json
index 9babef0b34f..342980aa6ae 100644
--- a/2020/15xxx/CVE-2020-15204.json
+++ b/2020/15xxx/CVE-2020-15204.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15205.json b/2020/15xxx/CVE-2020-15205.json
index 2d7aa7ef276..d11a5519a36 100644
--- a/2020/15xxx/CVE-2020-15205.json
+++ b/2020/15xxx/CVE-2020-15205.json
@@ -103,6 +103,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15206.json b/2020/15xxx/CVE-2020-15206.json
index 603fca189f4..fe7b833644e 100644
--- a/2020/15xxx/CVE-2020-15206.json
+++ b/2020/15xxx/CVE-2020-15206.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15207.json b/2020/15xxx/CVE-2020-15207.json
index 6ea2490baf6..21067fd9482 100644
--- a/2020/15xxx/CVE-2020-15207.json
+++ b/2020/15xxx/CVE-2020-15207.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15208.json b/2020/15xxx/CVE-2020-15208.json
index 379690dd478..fbfd53b8d4a 100644
--- a/2020/15xxx/CVE-2020-15208.json
+++ b/2020/15xxx/CVE-2020-15208.json
@@ -103,6 +103,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15209.json b/2020/15xxx/CVE-2020-15209.json
index c5aed6f5027..736967f1a08 100644
--- a/2020/15xxx/CVE-2020-15209.json
+++ b/2020/15xxx/CVE-2020-15209.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15210.json b/2020/15xxx/CVE-2020-15210.json
index 4321a64001e..e825062e261 100644
--- a/2020/15xxx/CVE-2020-15210.json
+++ b/2020/15xxx/CVE-2020-15210.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15211.json b/2020/15xxx/CVE-2020-15211.json
index 51c53fa7c50..4526d71491a 100644
--- a/2020/15xxx/CVE-2020-15211.json
+++ b/2020/15xxx/CVE-2020-15211.json
@@ -128,6 +128,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/24xxx/CVE-2020-24408.json b/2020/24xxx/CVE-2020-24408.json
index 605f522b531..e69d3ebfe1f 100644
--- a/2020/24xxx/CVE-2020-24408.json
+++ b/2020/24xxx/CVE-2020-24408.json
@@ -49,7 +49,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file."
+ "value": "New description: Magento versions 2.4.0 and 2.3.5p2 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file."
 }
 ]
 },
diff --git a/2020/24xxx/CVE-2020-24601.json b/2020/24xxx/CVE-2020-24601.json
index ce9952e236d..2cb688bad04 100644
--- a/2020/24xxx/CVE-2020-24601.json
+++ b/2020/24xxx/CVE-2020-24601.json
@@ -56,6 +56,11 @@
 "url": "https://issues.igniterealtime.org/browse/OF-1963",
 "refsource": "MISC",
 "name": "https://issues.igniterealtime.org/browse/OF-1963"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.html"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25516.json b/2020/25xxx/CVE-2020-25516.json
index c6f2c71f5cf..d6e2bd7352f 100644
--- a/2020/25xxx/CVE-2020-25516.json
+++ b/2020/25xxx/CVE-2020-25516.json
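Review bot: The replacement description for CVE-2020-24408 begins with the literal words `New description:`, which reads like an editing instruction pasted into the field rather than advisory text, and every feed that mirrors the record will show it verbatim. The value should start at `Magento versions 2.4.0 and 2.3.5p2 (and earlier) are affected by`. The only other change in the value is the affected version moving from 2.3.5p1 to 2.3.5p2, so it is worth confirming against the vendor bulletin that this is the intended correction.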
@@ -56,6 +56,11 @@
 "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0781",
 "refsource": "MISC",
 "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0781"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/piuppi/Proof-of-Concepts/blob/main/WSO2/CVE-2020-25516.md",
+ "url": "https://github.com/piuppi/Proof-of-Concepts/blob/main/WSO2/CVE-2020-25516.md"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25646.json b/2020/25xxx/CVE-2020-25646.json
index c5bbe81a4f4..92e821afbd3 100644
--- a/2020/25xxx/CVE-2020-25646.json
+++ b/2020/25xxx/CVE-2020-25646.json
@@ -4,15 +4,69 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-25646",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ansible Community",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Community Collections",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "from 1.0.0 to 1.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-117"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ansible-collections/community.crypto/commit/233d1afc296f6770e905a1785ee2f35af7605e43",
+ "refsource": "MISC",
+ "name": "https://github.com/ansible-collections/community.crypto/commit/233d1afc296f6770e905a1785ee2f35af7605e43"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality"
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
 }
\ No newline at end of file
diff --git a/2020/25xxx/CVE-2020-25780.json b/2020/25xxx/CVE-2020-25780.json
index 930292ddc2e..7b9c988df37 100644
--- a/2020/25xxx/CVE-2020-25780.json
+++ b/2020/25xxx/CVE-2020-25780.json
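Review bot: The added `impact.cvss` entry is not machine-readable as written: `vectorString` carries the score in front of the vector (`7.5/CVSS:3.1/...`), its `CVSS:3.1` prefix disagrees with `"version": "3.0"`, and the object sits inside a doubly nested array. A consumer that parses the vector will reject or mis-score it; I would write `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"` with `"version": "3.1"` and carry the score in a separate `baseScore` field, as the CVE-2020-26205 record in this commit does. Separately, `CWE-117` covers output neutralization for logs, while the description is about a private key being written to logs, which CWE-532 describes more closely.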
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25780",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25780",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://kb.commvault.com/article/63264",
+ "refsource": "MISC",
+ "name": "http://kb.commvault.com/article/63264"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26205.json b/2020/26xxx/CVE-2020-26205.json
index 9d2e89944a1..8f1971f0977 100644
--- a/2020/26xxx/CVE-2020-26205.json
+++ b/2020/26xxx/CVE-2020-26205.json
@@ -1,18 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-26205",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "XSS in Sal"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sal",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "4.1.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "salopensource"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/salopensource/sal/pull/405",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/salopensource/sal/pull/405"
+ },
+ {
+ "name": "https://github.com/salopensource/sal/commit/145bb72daf8460bdedbbc9fb708d346283e7a568",
+ "refsource": "MISC",
+ "url": "https://github.com/salopensource/sal/commit/145bb72daf8460bdedbbc9fb708d346283e7a568"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/26xxx/CVE-2020-26870.json b/2020/26xxx/CVE-2020-26870.json
index 020db4a7a0a..1c3ec698120 100644
--- a/2020/26xxx/CVE-2020-26870.json
+++ b/2020/26xxx/CVE-2020-26870.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17",
 "refsource": "MISC",
 "name": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27014.json b/2020/27xxx/CVE-2020-27014.json
index 096fae1f68f..7ee0300c8e6 100644
--- a/2020/27xxx/CVE-2020-27014.json
+++ b/2020/27xxx/CVE-2020-27014.json
@@ -1,18 +1,63 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-27014",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
\ No newline at end of file
+ "CVE_data_meta" : {
+ "ASSIGNER" : "security@trendmicro.com",
+ "ID" : "CVE-2020-27014",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Trend Micro Antivirus for Mac (Consumer)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2020 (v10.x) and below"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Trend Micro"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Race Condition"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"
+ },
+ {
+ "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"
+ }
+ ]
+ }
+}
diff --git a/2020/27xxx/CVE-2020-27015.json b/2020/27xxx/CVE-2020-27015.json
index 944422db8ad..ee59145a308 100644
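Review bot: Both entries added under `reference_data` carry only `url`; the `refsource` and `name` fields that the other references in this commit include are missing, here and in the CVE-2020-27015 hunk that follows, so tooling that groups or labels references by source has nothing to key on. The description value also embeds a run of `\n\n\r\n` escapes between its two sentences and contains the typo `to case a kernel panic` (presumably `cause`); the CVE-2020-27015 description has the same mixed line-break escapes. I would add a `"refsource"` and `"name"` to each reference and replace the escape run with a single space.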
--- a/2020/27xxx/CVE-2020-27015.json
+++ b/2020/27xxx/CVE-2020-27015.json
@@ -1,18 +1,63 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-27015",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
\ No newline at end of file
+ "CVE_data_meta" : {
+ "ASSIGNER" : "security@trendmicro.com",
+ "ID" : "CVE-2020-27015",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Trend Micro Antivirus for Mac (Consumer)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2020 (v10.x) and below"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Trend Micro"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland.\r\n\r\n\n\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"
+ },
+ {
+ "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"
+ }
+ ]
+ }
+}
diff --git a/2020/27xxx/CVE-2020-27648.json b/2020/27xxx/CVE-2020-27648.json
index 0c052dd4d64..d791d8374b3 100644
--- a/2020/27xxx/CVE-2020-27648.json
+++ b/2020/27xxx/CVE-2020-27648.json
@@ -65,7 +65,12 @@
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_18",
 "refsource": "CONFIRM",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27649.json b/2020/27xxx/CVE-2020-27649.json
index cc998ec8c8f..e2f8271ecdd 100644
--- a/2020/27xxx/CVE-2020-27649.json
+++ b/2020/27xxx/CVE-2020-27649.json
@@ -65,7 +65,12 @@
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
 "refsource": "CONFIRM",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27651.json b/2020/27xxx/CVE-2020-27651.json
index 67669ebd4e9..978afa61106 100644
--- a/2020/27xxx/CVE-2020-27651.json
+++ b/2020/27xxx/CVE-2020-27651.json
@@ -65,7 +65,12 @@
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
 "refsource": "CONFIRM",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27652.json b/2020/27xxx/CVE-2020-27652.json
index 3d2b134fbfc..e410b6ad5fd 100644
--- a/2020/27xxx/CVE-2020-27652.json
+++ b/2020/27xxx/CVE-2020-27652.json
@@ -65,7 +65,12 @@
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_18",
 "refsource": "CONFIRM",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27653.json b/2020/27xxx/CVE-2020-27653.json
index c89d9825353..ddf1497dec6 100644
--- a/2020/27xxx/CVE-2020-27653.json
+++ b/2020/27xxx/CVE-2020-27653.json
@@ -65,7 +65,12 @@
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
 "refsource": "CONFIRM",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27654.json b/2020/27xxx/CVE-2020-27654.json
index 28008c35eba..fb1766282d6 100644
--- a/2020/27xxx/CVE-2020-27654.json
+++ b/2020/27xxx/CVE-2020-27654.json
@@ -65,7 +65,17 @@
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
 "refsource": "CONFIRM",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27658.json b/2020/27xxx/CVE-2020-27658.json
index f517c579105..08234bce1bf 100644
--- a/2020/27xxx/CVE-2020-27658.json
+++ b/2020/27xxx/CVE-2020-27658.json
@@ -65,7 +65,12 @@
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
 "refsource": "CONFIRM",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27744.json b/2020/27xxx/CVE-2020-27744.json
index c8e0bf9d234..2839215893f 100644
--- a/2020/27xxx/CVE-2020-27744.json
+++ b/2020/27xxx/CVE-2020-27744.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27744",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27744",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114",
+ "refsource": "MISC",
+ "name": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27747.json b/2020/27xxx/CVE-2020-27747.json
index 84fcd3d38e8..a0db21e5a34 100644
--- a/2020/27xxx/CVE-2020-27747.json
+++ b/2020/27xxx/CVE-2020-27747.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27747",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27747",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.clickstudios.com.au/",
+ "refsource": "MISC",
+ "name": "https://www.clickstudios.com.au/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/jet-pentest/CVE-2020-27747",
+ "url": "https://github.com/jet-pentest/CVE-2020-27747"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27885.json b/2020/27xxx/CVE-2020-27885.json
index 5db9ac52cbd..e265f807b35 100644
--- a/2020/27xxx/CVE-2020-27885.json
+++ b/2020/27xxx/CVE-2020-27885.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27885",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27885",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user\u2019s session by stealing cookies which means that a malicious hacker can change the logged-in user\u2019s password and invalidate the session of the victim while the hacker maintains access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://docs.wso2.com/display/Security/2020+Advisories",
+ "url": "https://docs.wso2.com/display/Security/2020+Advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.rodrigofavarini.com.br/cybersecurity/multiple-xss-on-api-manager-3-1-0/",
+ "url": "https://www.rodrigofavarini.com.br/cybersecurity/multiple-xss-on-api-manager-3-1-0/"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27886.json b/2020/27xxx/CVE-2020-27886.json
index c990c301f94..957a6027084 100644
--- a/2020/27xxx/CVE-2020-27886.json
+++ b/2020/27xxx/CVE-2020-27886.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27886", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27886", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.eyesofnetwork.com/en", + "refsource": "MISC", + "name": "https://www.eyesofnetwork.com/en" + }, + { + "url": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso", + "refsource": "MISC", + "name": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso" + }, + { + "url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76", + "refsource": "MISC", + "name": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76" } ] } diff --git a/2020/27xxx/CVE-2020-27887.json b/2020/27xxx/CVE-2020-27887.json index 42d7063542c..f9c077548bc 100644 --- a/2020/27xxx/CVE-2020-27887.json +++ b/2020/27xxx/CVE-2020-27887.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27887", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27887", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.eyesofnetwork.com/en", + "refsource": "MISC", + "name": "https://www.eyesofnetwork.com/en" + }, + { + "url": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso", + "refsource": "MISC", + "name": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso" + }, + { + "url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76", + "refsource": "MISC", + "name": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76" } ] } diff --git a/2020/27xxx/CVE-2020-27986.json b/2020/27xxx/CVE-2020-27986.json index 69379d83ab7..1e461a3a3ac 100644 --- a/2020/27xxx/CVE-2020-27986.json +++ b/2020/27xxx/CVE-2020-27986.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is \"it is the administrator's responsibility to configure it.\"" + "value": "** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is \"it is the administrator's responsibility to configure it.\"" } ] }, diff --git a/2020/27xxx/CVE-2020-27993.json b/2020/27xxx/CVE-2020-27993.json new file mode 100644 index 00000000000..9d591db14dd --- /dev/null +++ b/2020/27xxx/CVE-2020-27993.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/48920", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48920" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27994.json b/2020/27xxx/CVE-2020-27994.json new file mode 100644 index 00000000000..7d9f2964863 --- /dev/null +++ b/2020/27xxx/CVE-2020-27994.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27994", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27995.json b/2020/27xxx/CVE-2020-27995.json new file mode 100644 index 00000000000..9ce973b84fe --- /dev/null +++ b/2020/27xxx/CVE-2020-27995.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14560" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27996.json b/2020/27xxx/CVE-2020-27996.json new file mode 100644 index 00000000000..82d9f7a1570 --- /dev/null 
+++ b/2020/27xxx/CVE-2020-27996.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/smartstore/SmartStoreNET/commit/8702c6140f4fc91956ef35dba12d24492fb3f768", + "refsource": "MISC", + "name": "https://github.com/smartstore/SmartStoreNET/commit/8702c6140f4fc91956ef35dba12d24492fb3f768" + }, + { + "url": "https://github.com/smartstore/SmartStoreNET/compare/4.0.0...4.0.1", + "refsource": "MISC", + "name": "https://github.com/smartstore/SmartStoreNET/compare/4.0.0...4.0.1" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27997.json b/2020/27xxx/CVE-2020-27997.json new file mode 100644 index 00000000000..1d376aeb021 --- /dev/null +++ b/2020/27xxx/CVE-2020-27997.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27997", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27998.json b/2020/27xxx/CVE-2020-27998.json new file mode 100644 index 00000000000..f78593d04d8 --- /dev/null +++ b/2020/27xxx/CVE-2020-27998.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FastReports/FastReport/pull/206", + "refsource": "MISC", + "name": "https://github.com/FastReports/FastReport/pull/206" + }, + { + "url": "https://opensource.fast-report.com/2020/09/report-script-security.html", + "refsource": "MISC", + "name": "https://opensource.fast-report.com/2020/09/report-script-security.html" + }, + { + "url": "https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0", + "refsource": "MISC", + "name": "https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0" + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27999.json b/2020/27xxx/CVE-2020-27999.json new file mode 100644 index 00000000000..8304097b29d --- /dev/null +++ b/2020/27xxx/CVE-2020-27999.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27999", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28000.json b/2020/28xxx/CVE-2020-28000.json new file mode 100644 index 00000000000..49dea86c271 --- /dev/null +++ b/2020/28xxx/CVE-2020-28000.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28000", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4721.json b/2020/4xxx/CVE-2020-4721.json index 00687cae086..74287497260 100644 --- a/2020/4xxx/CVE-2020-4721.json +++ b/2020/4xxx/CVE-2020-4721.json 
@@ -1,17 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-28T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4721" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "UI": "R", + "S": "U", + "PR": "N", + "SCORE": "7.800", + "I": "H", + "AV": "L", + "C": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_format": "MITRE", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868." 
+ } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i2 Analyst Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-i2-cve20204721-bo (187868)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187868" } ] } diff --git a/2020/4xxx/CVE-2020-4722.json b/2020/4xxx/CVE-2020-4722.json index 5403544544f..7d6aa021075 100644 --- a/2020/4xxx/CVE-2020-4722.json +++ b/2020/4xxx/CVE-2020-4722.json 
@@ -1,17 +1,92 @@ { - "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "H", + "AV": "L", + "I": "H", + "SCORE": "7.800", + "PR": "N", + "S": "U", + "UI": "R", + "A": "H", + "AC": "L" + } + } + }, "data_format": "MITRE", - "data_version": "4.0", + "data_type": "CVE", "CVE_data_meta": { "ID": "CVE-2020-4722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "DATE_PUBLIC": "2020-10-28T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187870", + "name": "ibm-i2-cve20204722-bo (187870)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i2 Analyst Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. 
By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870.", + "lang": "eng" } ] } diff --git a/2020/4xxx/CVE-2020-4723.json b/2020/4xxx/CVE-2020-4723.json index 37745f23f9f..3fb18d46437 100644 --- a/2020/4xxx/CVE-2020-4723.json +++ b/2020/4xxx/CVE-2020-4723.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873.", + "lang": "eng" } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + }, + "product_name": "i2 Analyst Notebook" + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve20204723-bo (187873)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187873" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4723", + "DATE_PUBLIC": "2020-10-28T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": 
"O" + }, + "BM": { + "PR": "N", + "SCORE": "7.800", + "AC": "L", + "A": "H", + "UI": "R", + "S": "U", + "I": "H", + "C": "H", + "AV": "L" + } + } + }, + "data_format": "MITRE" } \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4724.json b/2020/4xxx/CVE-2020-4724.json index f6890e7d56d..931db11d61f 100644 --- a/2020/4xxx/CVE-2020-4724.json +++ b/2020/4xxx/CVE-2020-4724.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system." + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6356497", + "name" : "https://www.ibm.com/support/pages/node/6356497" + }, + { + "name" : "ibm-i2-cve20204724-bo (187874)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187874", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.2.1" + }, + { + "version_value" : "9.2.0" + } + ] + }, + "product_name" : "i2 Analyst Notebook" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "PR" : "N", + "SCORE" : "7.800", + "UI" : "R", + "AC" : "L", + "A" : "H", + "S" : "U", + "I" : "H", + "AV" : "L", + "C" : "H" + } + } + }, + "data_format" : "MITRE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-10-28T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4724" + }, + "data_type" : "CVE" +} diff --git a/2020/4xxx/CVE-2020-4864.json b/2020/4xxx/CVE-2020-4864.json index eea05582d48..b1eabaf5b22 100644 --- a/2020/4xxx/CVE-2020-4864.json +++ b/2020/4xxx/CVE-2020-4864.json 
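Review bot: The description added for CVE-2020-4724 stops at "...execute arbitrary code on the system." and omits the closing `IBM X-Force ID: 187874.` sentence that the CVE-2020-4721, -4722 and -4723 descriptions in this commit carry. The four descriptions are otherwise word-for-word identical, so that ID is the only thing in the text that tells the records apart; the XF reference in this hunk already names 187874. This file is also serialised differently from its siblings (`"key" : value` spacing and a trailing newline), which suggests it came through a different path and may explain the dropped sentence.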
@@ -1,17 +1,89 @@ { - "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "AV": "A", + "C": "N", + "I": "L", + "S": "U", + "A": "N", + "AC": "L", + "UI": "N", + "SCORE": "4.300", + "PR": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, "CVE_data_meta": { "ID": "CVE-2020-4864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-10-28T00:00:00" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Bypass Security", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356441 (Resilient OnPrem)", + "name": "https://www.ibm.com/support/pages/node/6356441", + "url": "https://www.ibm.com/support/pages/node/6356441" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-resilient-cve20204864-spoofing (190567)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190567" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Resilient OnPrem", + "version": { + "version_data": [ + { + "version_value": "38" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.", + "lang": "eng" } ] } 
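Review bot: The description added for CVE-2020-4864 reads `internal net work`, so a keyword search for "network" will miss this record; it should read `internal network`. The `problemtype` value `Bypass Security` is also broader than what the rest of the hunk says: the description speaks of a spoofed source IP address and the XF reference name ends in `-spoofing`. A more specific value would help triage, if the CNA's taxonomy allows one.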
diff --git a/2020/5xxx/CVE-2020-5504.json b/2020/5xxx/CVE-2020-5504.json index f4a028a29d1..fe907667d1c 100644 --- a/2020/5xxx/CVE-2020-5504.json +++ b/2020/5xxx/CVE-2020-5504.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html" } ] } diff --git a/2020/5xxx/CVE-2020-5652.json b/2020/5xxx/CVE-2020-5652.json index 51ff3e4af6a..85be43102da 100644 --- a/2020/5xxx/CVE-2020-5652.json +++ b/2020/5xxx/CVE-2020-5652.json 
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R, Q and L series", + "version": { + "version_data": [ + { + "version_value": "R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier, Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, and L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU96558207/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition ." } ] } diff --git a/2020/5xxx/CVE-2020-5653.json b/2020/5xxx/CVE-2020-5653.json index 3d1224a255e..e64cf01bef2 100644 --- a/2020/5xxx/CVE-2020-5653.json +++ b/2020/5xxx/CVE-2020-5653.json 
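Review bot: The new `CVE_data_meta` for CVE-2020-5652 removes `"STATE": "RESERVED"` without adding `"STATE": "PUBLIC"`, and the three `reference_data` entries carry only `url`, without the `refsource` and `name` keys that the other populated records in this commit have. A consumer that selects records on `STATE` or indexes references by `refsource` may skip or mis-file this advisory; I would add `"STATE": "PUBLIC"` and give each reference `"refsource"` and `"name"` as the sibling records do. The single `version_value` is one long prose sentence covering many CPU models with firmware and serial-number ranges, which no version matcher can evaluate; one `version_data` entry per model family would make the affected range usable. The CVE-2020-5653 and CVE-2020-5654 hunks have the same three issues. The hunk starts at line 4 of the file, so the top of the enclosing object is not visible here.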
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series", + "version": { + "version_data": [ + { + "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU92513419/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet." } ] } diff --git a/2020/5xxx/CVE-2020-5654.json b/2020/5xxx/CVE-2020-5654.json index ed3bd2cdbe9..5a07327a42e 100644 --- a/2020/5xxx/CVE-2020-5654.json +++ b/2020/5xxx/CVE-2020-5654.json 
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series", + "version": { + "version_data": [ + { + "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session fixation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU92513419/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet." } ] } diff --git a/2020/5xxx/CVE-2020-5655.json b/2020/5xxx/CVE-2020-5655.json index 11927b636c4..1591d02444f 100644 --- a/2020/5xxx/CVE-2020-5655.json +++ b/2020/5xxx/CVE-2020-5655.json 
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series", + "version": { + "version_data": [ + { + "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU92513419/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet." } ] } diff --git a/2020/5xxx/CVE-2020-5656.json b/2020/5xxx/CVE-2020-5656.json index 890c75b5d1e..6d1fb53a238 100644 --- a/2020/5xxx/CVE-2020-5656.json +++ b/2020/5xxx/CVE-2020-5656.json 
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series", + "version": { + "version_data": [ + { + "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU92513419/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet." } ] } diff --git a/2020/5xxx/CVE-2020-5657.json b/2020/5xxx/CVE-2020-5657.json index 20daa1dd622..43d1f47138e 100644 --- a/2020/5xxx/CVE-2020-5657.json +++ b/2020/5xxx/CVE-2020-5657.json 
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series", + "version": { + "version_data": [ + { + "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU92513419/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet." } ] } diff --git a/2020/5xxx/CVE-2020-5658.json b/2020/5xxx/CVE-2020-5658.json index 13c8630e5b5..71e6b23e911 100644 --- a/2020/5xxx/CVE-2020-5658.json +++ b/2020/5xxx/CVE-2020-5658.json 
@@ -4,15 +4,62 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series", + "version": { + "version_data": [ + { + "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU92513419/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet." } ] } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5931.json b/2020/5xxx/CVE-2020-5931.json index 64fc3e26c3f..0f430ce986f 100644 --- a/2020/5xxx/CVE-2020-5931.json +++ b/2020/5xxx/CVE-2020-5931.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K25400442", + "url": "https://support.f5.com/csp/article/K25400442" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart." } ] } diff --git a/2020/5xxx/CVE-2020-5932.json b/2020/5xxx/CVE-2020-5932.json index 46153dffb0b..fc80172f02b 100644 --- a/2020/5xxx/CVE-2020-5932.json +++ b/2020/5xxx/CVE-2020-5932.json 
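Review bot: `"vendor_name": "n/a"` and a single comma-joined `version_value` make this record hard to match against an inventory, even though the assigner is `f5sirt@f5.com` and the product is BIG-IP; the hunks for CVE-2020-5932 through CVE-2020-5936 follow the same pattern. Naming the vendor (`"vendor_name": "F5"`) and giving each branch its own `version_data` entry, for example `{ "version_value": "15.1.0-15.1.0.5" }`, would let tooling evaluate each range separately. The `problemtype` value `"DoS"` (and `"XSS"` in CVE-2020-5932) is an abbreviation rather than a weakness name. Spelling it out, or using the CWE identifier from the vendor advisory if it gives one, would make the records filterable by weakness class.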
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP ASM", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K12002065", + "url": "https://support.f5.com/csp/article/K12002065" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened." } ] } diff --git a/2020/5xxx/CVE-2020-5933.json b/2020/5xxx/CVE-2020-5933.json index 9d029446011..2ce28f4b2f4 100644 --- a/2020/5xxx/CVE-2020-5933.json +++ b/2020/5xxx/CVE-2020-5933.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K26244025", + "url": "https://support.f5.com/csp/article/K26244025" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system." } ] } diff --git a/2020/5xxx/CVE-2020-5934.json b/2020/5xxx/CVE-2020-5934.json index 5ed3926a61e..edf1c48226c 100644 --- a/2020/5xxx/CVE-2020-5934.json +++ b/2020/5xxx/CVE-2020-5934.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K44808538", + "url": "https://support.f5.com/csp/article/K44808538" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted." } ] } diff --git a/2020/5xxx/CVE-2020-5935.json b/2020/5xxx/CVE-2020-5935.json index c4ed97db258..0cc34013f33 100644 --- a/2020/5xxx/CVE-2020-5935.json +++ b/2020/5xxx/CVE-2020-5935.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM)", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K62830532", + "url": "https://support.f5.com/csp/article/K62830532" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file." } ] } diff --git a/2020/5xxx/CVE-2020-5936.json b/2020/5xxx/CVE-2020-5936.json index 53bc85b54b5..87596e299a6 100644 --- a/2020/5xxx/CVE-2020-5936.json +++ b/2020/5xxx/CVE-2020-5936.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM", + "version": { + "version_data": [ + { + "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K44020030", + "url": "https://support.f5.com/csp/article/K44020030" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile." } ] } diff --git a/2020/7xxx/CVE-2020-7759.json b/2020/7xxx/CVE-2020-7759.json index 75fb7e212fe..24ec20738bf 100644 --- a/2020/7xxx/CVE-2020-7759.json +++ b/2020/7xxx/CVE-2020-7759.json 
@@ -3,16 +3,92 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2020-10-30T10:53:39.750312Z", "ID": "CVE-2020-7759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SQL Injection" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pimcore/pimcore", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "6.7.2" + }, + { + "version_affected": "<", + "version_value": "6.8.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1017405" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/pimcore/pimcore/pull/7315" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. 
This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{\"keyId\"%3a\"''\",\"groupId\"%3a\"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+\"}]\n" } ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Daniele Scanu" + } + ] } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7760.json b/2020/7xxx/CVE-2020-7760.json index c268c14469b..66ba82bbc7c 100644 --- a/2020/7xxx/CVE-2020-7760.json +++ b/2020/7xxx/CVE-2020-7760.json 
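Review bot: The affected range is written as two separate `version_data` entries, one with `version_affected` greater-or-equal and `"version_value": "6.7.2"`, the other with less-than and `"version_value": "6.8.3"`, and nothing visible in the record ties them together. A consumer that evaluates entries one by one can read this as "everything from 6.7.2 up" or "everything below 6.8.3" rather than the interval the description states. It is worth confirming that downstream matching treats the pair as a conjunction, or stating the interval in a single entry as well. The description `value` also ends with a stray `\n` and reads "from 6.7.2 and before 6.8.3 are vulnerable"; `"The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection ..."` without the trailing escape would be cleaner.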
@@ -3,16 +3,130 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2020-10-30T11:07:07.654911Z", "ID": "CVE-2020-7760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Regular Expression Denial of Service (ReDoS)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "codemirror", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.58.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + }, + { + "product": { + "product_data": [ + { + "product_name": "org.apache.marmotta.webjars:codemirror", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.58.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Regular Expression Denial of Service (ReDoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937" + }, + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445" + }, + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446" + }, + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447" + }, + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448" + }, + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449" + }, + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb" + } + ] }, "description": { "description_data": [ { "lang": "eng", - 
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2.\n The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*\r\n\r\n" } ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Yeting Li" + } + ] } \ No newline at end of file
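Review bot: The new description `value` has lost characters that matter for locating the flaw. The link ends in `javascript.jsL129` where a line anchor (`javascript.js#L129`) was presumably meant, and the quoted sub-pattern `(s|/*.*?*/)*` appears to have had its backslashes stripped, so it is no longer the expression in the source file. In JSON the backslashes need doubling, presumably `(\\s|\\/\\*.*?\\*\\/)*`; this should be checked against the linked commit before merging. The string also carries a `\n ` in the middle and a trailing `\r\n\r\n` that can go. Separately, the references point at several `SNYK-JAVA-ORGWEBJARS...` advisories while `affects` lists only `codemirror` and `org.apache.marmotta.webjars:codemirror`, so anyone matching on `affects` may miss the other webjars packages if those advisories cover them.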