diff --git a/2015/1xxx/CVE-2015-1809.json b/2015/1xxx/CVE-2015-1809.json index f2366d0f6c5..910964f26f7 100644 --- a/2015/1xxx/CVE-2015-1809.json +++ b/2015/1xxx/CVE-2015-1809.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1809", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CloudBees", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "before 1.600" + } + ] + } + }, + { + "product_name": "Jenkins LTS", + "version": { + "version_data": [ + { + "version_value": "before 1.596.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625" + }, + { + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2015-02-27/", + "url": "https://jenkins.io/security/advisory/2015-02-27/" } ] } diff --git a/2015/1xxx/CVE-2015-1811.json b/2015/1xxx/CVE-2015-1811.json index f0ccf7aeb5d..ac385f6c21f 100644 --- a/2015/1xxx/CVE-2015-1811.json +++ b/2015/1xxx/CVE-2015-1811.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1811", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CloudBees", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "before 1.600" + } + ] + } + }, + { + "product_name": "Jenkins LTS", + "version": { + "version_data": [ + { + "version_value": "before 1.596.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632" + }, + { + "refsource": "CONFIRM", + "name": "https://jenkins.io/security/advisory/2015-02-27/", + "url": "https://jenkins.io/security/advisory/2015-02-27/" } ] } diff --git a/2015/6xxx/CVE-2015-6591.json b/2015/6xxx/CVE-2015-6591.json index 31486e4cc35..5e3636e6c3f 100644 --- a/2015/6xxx/CVE-2015-6591.json +++ b/2015/6xxx/CVE-2015-6591.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6591", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html", + "url": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html" } ] } diff --git a/2017/17xxx/CVE-2017-17309.json b/2017/17xxx/CVE-2017-17309.json index 4696dc4887c..41c1144e033 100644 --- a/2017/17xxx/CVE-2017-17309.json +++ b/2017/17xxx/CVE-2017-17309.json @@ -56,6 +56,11 @@ "name": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html", + "url": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html" } ] } diff --git a/2018/17xxx/CVE-2018-17196.json b/2018/17xxx/CVE-2018-17196.json index fb7111e47b1..bce84bca733 100644 --- a/2018/17xxx/CVE-2018-17196.json +++ b/2018/17xxx/CVE-2018-17196.json @@ -73,6 +73,11 @@ "refsource": "MLIST", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)", + "url": "https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json index c730e1f10ad..40417662e27 100644 --- a/2019/12xxx/CVE-2019-12399.json +++ b/2019/12xxx/CVE-2019-12399.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[kafka-dev] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint", "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9%40%3Cdev.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)", + "url": "https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E" } ] }, diff --git a/2019/15xxx/CVE-2019-15165.json b/2019/15xxx/CVE-2019-15165.json index 5430793117b..2779244bbbb 100644 --- a/2019/15xxx/CVE-2019-15165.json +++ b/2019/15xxx/CVE-2019-15165.json @@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "UBUNTU", + "name": "USN-4221-2", + "url": "https://usn.ubuntu.com/4221-2/" } ] } diff --git a/2019/1xxx/CVE-2019-1551.json b/2019/1xxx/CVE-2019-1551.json index 80808a229bc..acb87074fcd 100644 --- a/2019/1xxx/CVE-2019-1551.json +++ b/2019/1xxx/CVE-2019-1551.json @@ -114,6 +114,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0062", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html" } ] } diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index 51d1ad2dd03..291c4a53ed3 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json @@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index efc53a1dc65..622355569c6 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json @@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 0ca318a6c37..428df80ad9c 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json @@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index 81e975b2593..cba2f3817bf 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json @@ -57,6 +57,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index 6da437e8dba..2246e5fcab4 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json @@ -61,6 +61,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json index ee1922071a6..2aa1301be16 100644 --- a/2020/2xxx/CVE-2020-2097.json +++ b/2020/2xxx/CVE-2020-2097.json @@ -61,6 +61,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] } diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json index 9c66003c84d..bf9d32f294e 100644 --- a/2020/2xxx/CVE-2020-2098.json +++ b/2020/2xxx/CVE-2020-2098.json @@ -61,6 +61,11 @@ "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" } ] }