diff --git a/2019/14xxx/CVE-2019-14894.json b/2019/14xxx/CVE-2019-14894.json index cf4c0194ab4..b0609e2b429 100644 --- a/2019/14xxx/CVE-2019-14894.json +++ b/2019/14xxx/CVE-2019-14894.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14894", - "ASSIGNER": "darunesh@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -18,10 +19,10 @@ "version": { "version_data": [ { - "version_value": "5.10" - }, + "version_value": "5.10" + }, { - "version_value": "5.11" + "version_value": "5.11" } ] } @@ -79,4 +80,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10736.json b/2020/10xxx/CVE-2020-10736.json index bf6e16399d3..51d0193d441 100644 --- a/2020/10xxx/CVE-2020-10736.json +++ b/2020/10xxx/CVE-2020-10736.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10736", - "ASSIGNER": "darunesh@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -18,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "15.2.0" + "version_value": "15.2.0 before 15.2.2" } ] } @@ -49,7 +50,9 @@ "refsource": "CONFIRM" }, { - "url": "https://ceph.io/releases/v15-2-2-octopus-released/" + "url": "https://ceph.io/releases/v15-2-2-octopus-released/", + "refsource": "MISC", + "name": "https://ceph.io/releases/v15-2-2-octopus-released/" } ] }, @@ -71,4 +74,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10740.json b/2020/10xxx/CVE-2020-10740.json index fdc4c8f17b1..deff98467be 100644 --- a/2020/10xxx/CVE-2020-10740.json +++ b/2020/10xxx/CVE-2020-10740.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10740", - "ASSIGNER": "darunesh@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11519.json b/2020/11xxx/CVE-2020-11519.json index ead0c920340..b146574e917 100644 --- a/2020/11xxx/CVE-2020-11519.json +++ b/2020/11xxx/CVE-2020-11519.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11519", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11519", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\\\.\\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2/", + "url": "https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2/" } ] } diff --git a/2020/11xxx/CVE-2020-11520.json b/2020/11xxx/CVE-2020-11520.json index c14bd4d858c..0e8aa8cad26 100644 --- a/2020/11xxx/CVE-2020-11520.json +++ b/2020/11xxx/CVE-2020-11520.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11520", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11520", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2/", + "url": "https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2/" } ] } diff --git a/2020/13xxx/CVE-2020-13158.json b/2020/13xxx/CVE-2020-13158.json index 9f9574c3445..adf130bdb68 100644 --- a/2020/13xxx/CVE-2020-13158.json +++ b/2020/13xxx/CVE-2020-13158.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13158", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13158", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/InfoSec4Fun/CVE-2020-13158", + "url": "https://github.com/InfoSec4Fun/CVE-2020-13158" } ] } diff --git a/2020/13xxx/CVE-2020-13159.json b/2020/13xxx/CVE-2020-13159.json index 58a1166c117..40caab1fe4c 100644 --- a/2020/13xxx/CVE-2020-13159.json +++ b/2020/13xxx/CVE-2020-13159.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13159", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13159", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/projects/artica-squid/files/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/artica-squid/files/" + }, + { + "refsource": "MISC", + "name": "https://github.com/InfoSec4Fun/CVE-2020-13159", + "url": "https://github.com/InfoSec4Fun/CVE-2020-13159" } ] } diff --git a/2020/13xxx/CVE-2020-13426.json b/2020/13xxx/CVE-2020-13426.json index 3f6cbed2e5a..5c87c75c4c8 100644 --- a/2020/13xxx/CVE-2020-13426.json +++ b/2020/13xxx/CVE-2020-13426.json @@ -1,17 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://twitter.com/UnD3sc0n0c1d0", + "refsource": "MISC", + "name": "https://twitter.com/UnD3sc0n0c1d0" + }, + { + "url": "https://wordpress.org/plugins/multi-scheduler/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/multi-scheduler/#developers" + }, + { + "refsource": "MISC", + "name": "https://infayer.com/archivos/448", + "url": "https://infayer.com/archivos/448" + }, + { + "refsource": "EXPLOIT-DB", + "name": "Exploit Database", + "url": "https://www.exploit-db.com/exploits/48532" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.html", + "url": "https://packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.html" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2020050235", + "url": "https://cxsecurity.com/issue/WLB-2020050235" + }, + { + "refsource": "MISC", + "name": "https://0day.today/exploit/34496", + "url": "https://0day.today/exploit/34496" + }, + { + "refsource": "MISC", + "name": "https://research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-user", + "url": "https://research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-user" } ] } diff --git a/2020/13xxx/CVE-2020-13427.json b/2020/13xxx/CVE-2020-13427.json index 256130a27d2..1ef2e4cd38c 100644 --- a/2020/13xxx/CVE-2020-13427.json +++ b/2020/13xxx/CVE-2020-13427.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/VictorAlagwu/CMSsite/commits/master", + "refsource": "MISC", + "name": "https://github.com/VictorAlagwu/CMSsite/commits/master" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48511", + "url": "https://www.exploit-db.com/exploits/48511" } ] } diff --git a/2020/13xxx/CVE-2020-13480.json b/2020/13xxx/CVE-2020-13480.json index c3478d070fa..550c2ac65f8 100644 --- a/2020/13xxx/CVE-2020-13480.json +++ b/2020/13xxx/CVE-2020-13480.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13480", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13480", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the \"send email\" feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://cvewalkthrough.com/cve-2020-13480html-injection", + "url": "http://cvewalkthrough.com/cve-2020-13480html-injection" + }, + { + "refsource": "MISC", + "name": "https://tejaspingulkar.blogspot.com/2020/06/cve-2020-13480-verint-html-injection.html", + "url": "https://tejaspingulkar.blogspot.com/2020/06/cve-2020-13480-verint-html-injection.html" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=11ghigOu-K0", + "url": "https://www.youtube.com/watch?v=11ghigOu-K0" } ] } diff --git a/2020/14xxx/CVE-2020-14049.json b/2020/14xxx/CVE-2020-14049.json index 85c695e0688..93622672aee 100644 --- a/2020/14xxx/CVE-2020-14049.json +++ b/2020/14xxx/CVE-2020-14049.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.viber.com/en/security/", + "refsource": "MISC", + "name": "https://www.viber.com/en/security/" + }, + { + "refsource": "MISC", + "name": "https://jeffs.sh/CVEs/CVE-2020-14049.txt", + "url": "https://jeffs.sh/CVEs/CVE-2020-14049.txt" } ] } diff --git a/2020/14xxx/CVE-2020-14159.json b/2020/14xxx/CVE-2020-14159.json index 77f1c5706c5..3c91e3ea4d5 100644 --- a/2020/14xxx/CVE-2020-14159.json +++ b/2020/14xxx/CVE-2020-14159.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14159", "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ID": "CVE-2020-14159", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-13983. Reason: This candidate is a duplicate of CVE-2020-13983. Notes: All CVE users should reference CVE-2020-13983 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + "value": "By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.connectwise.com/company/trust#tab1", + "refsource": "MISC", + "name": "https://www.connectwise.com/company/trust#tab1" } ] } diff --git a/2020/14xxx/CVE-2020-14972.json b/2020/14xxx/CVE-2020-14972.json index 8322683cb5a..6fb766a342b 100644 --- a/2020/14xxx/CVE-2020-14972.json +++ b/2020/14xxx/CVE-2020-14972.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14972", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14972", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com", + "refsource": "MISC", + "name": "https://www.sourcecodester.com" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48439", + "url": "https://www.exploit-db.com/exploits/48439" } ] } diff --git a/2020/14xxx/CVE-2020-14973.json b/2020/14xxx/CVE-2020-14973.json index cb04a75dbbe..fa7d993c315 100644 --- a/2020/14xxx/CVE-2020-14973.json +++ b/2020/14xxx/CVE-2020-14973.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14973", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14973", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/p/webtareas/blog/", + "refsource": "MISC", + "name": "https://sourceforge.net/p/webtareas/blog/" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/157608/WebTareas-2.0p8-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/157608/WebTareas-2.0p8-Cross-Site-Scripting.html" } ] } diff --git a/2020/14xxx/CVE-2020-14980.json b/2020/14xxx/CVE-2020-14980.json index b0c94121972..e64c04be3d4 100644 --- a/2020/14xxx/CVE-2020-14980.json +++ b/2020/14xxx/CVE-2020-14980.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14980", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14980", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.info-sec.ca/advisories/Sophos-Secure-Email.html", + "refsource": "MISC", + "name": "https://www.info-sec.ca/advisories/Sophos-Secure-Email.html" } ] } diff --git a/2020/14xxx/CVE-2020-14981.json b/2020/14xxx/CVE-2020-14981.json index 2bf4a62cbf7..d604c14db65 100644 --- a/2020/14xxx/CVE-2020-14981.json +++ b/2020/14xxx/CVE-2020-14981.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14981", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14981", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.info-sec.ca/advisories/Vipre-Password-Vault.html", + "refsource": "MISC", + "name": "https://www.info-sec.ca/advisories/Vipre-Password-Vault.html" } ] } diff --git a/2020/8xxx/CVE-2020-8619.json b/2020/8xxx/CVE-2020-8619.json index fcc10bd8e75..5dcb72473ad 100644 --- a/2020/8xxx/CVE-2020-8619.json +++ b/2020/8xxx/CVE-2020-8619.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "ISC", "product": { "product_data": [ { @@ -17,46 +18,22 @@ "version": { "version_data": [ { - "version_affected": ">=", - "version_name": "9.11 Branch", - "version_value": "9.11.14" + "version_value": "9.11.14 through versions before 9.11.20" }, { - "version_affected": "<", - "version_name": "9.11 Branch", - "version_value": "9.11.20" + "version_value": "9.16.0 through versions before 9.16.4" }, { - "version_affected": ">=", - "version_name": "9.16 Branch", - "version_value": "9.16.0" + "version_value": "9.11.14-S1 through versions before 9.11.20-S1" }, { - "version_affected": "<", - "version_name": "9.16 Branch", - "version_value": "9.16.4" - }, - { - "version_affected": ">=", - "version_name": "9.11-S Branch", - "version_value": "9.11.14-S1" - }, - { - "version_affected": "<", - "version_name": "9.11-S Branch", - "version_value": "9.11.20-S1" - }, - { - "version_affected": ">=", - "version_name": "9.14 Branch", - "version_value": "9.14.9" + "version_value": "9.14.9 through versions 9.14.12" } ] } } ] - }, - "vendor_name": "ISC" + } } ] } @@ -68,7 +45,7 @@ "description_data": [ { "lang": "eng", - "value": "In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3. 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (\"*\") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable." + "value": "In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (\"*\") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable." } ] }, @@ -127,4 +104,4 @@ "value": "None" } ] -} +} \ No newline at end of file