diff --git a/2019/19xxx/CVE-2019-19319.json b/2019/19xxx/CVE-2019-19319.json index 111426da398..27c3df4d515 100644 --- a/2019/19xxx/CVE-2019-19319.json +++ b/2019/19xxx/CVE-2019-19319.json @@ -86,6 +86,11 @@ "refsource": "DEBIAN", "name": "DSA-4698", "url": "https://www.debian.org/security/2020/dsa-4698" + }, + { + "refsource": "UBUNTU", + "name": "USN-4391-1", + "url": "https://usn.ubuntu.com/4391-1/" } ] } diff --git a/2020/0xxx/CVE-2020-0543.json b/2020/0xxx/CVE-2020-0543.json index d678d6dbba5..308b836abce 100644 --- a/2020/0xxx/CVE-2020-0543.json +++ b/2020/0xxx/CVE-2020-0543.json @@ -98,6 +98,11 @@ "refsource": "UBUNTU", "name": "USN-4390-1", "url": "https://usn.ubuntu.com/4390-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4391-1", + "url": "https://usn.ubuntu.com/4391-1/" } ] }, diff --git a/2020/10xxx/CVE-2020-10751.json b/2020/10xxx/CVE-2020-10751.json index 480a3ad1b25..5f7e9e32a4f 100644 --- a/2020/10xxx/CVE-2020-10751.json +++ b/2020/10xxx/CVE-2020-10751.json @@ -108,6 +108,11 @@ "refsource": "UBUNTU", "name": "USN-4390-1", "url": "https://usn.ubuntu.com/4390-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4391-1", + "url": "https://usn.ubuntu.com/4391-1/" } ] }, diff --git a/2020/11xxx/CVE-2020-11098.json b/2020/11xxx/CVE-2020-11098.json index 0fac9e1b0dc..f9b9a733b81 100644 --- a/2020/11xxx/CVE-2020-11098.json +++ b/2020/11xxx/CVE-2020-11098.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put.\n\nThis affects all FreeRDP clients with `+glyph-cache` option enabled\n\nThis is fixed in version 2.1.2." + "value": "In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2." } ] }, @@ -69,6 +69,11 @@ }, "references": { "reference_data": [ + { + "name": "http://www.freerdp.com/2020/06/22/2_1_2-released", + "refsource": "MISC", + "url": "http://www.freerdp.com/2020/06/22/2_1_2-released" + }, { "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv", "refsource": "CONFIRM", @@ -78,11 +83,6 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d" - }, - { - "name": "http://www.freerdp.com/2020/06/22/2_1_2-released", - "refsource": "MISC", - "url": "http://www.freerdp.com/2020/06/22/2_1_2-released" } ] }, diff --git a/2020/11xxx/CVE-2020-11099.json b/2020/11xxx/CVE-2020-11099.json index 93a632ca97e..2abf681e0a1 100644 --- a/2020/11xxx/CVE-2020-11099.json +++ b/2020/11xxx/CVE-2020-11099.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer.\n\nThis is fixed in version 2.1.2." + "value": "In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2." } ] }, diff --git a/2020/12xxx/CVE-2020-12114.json b/2020/12xxx/CVE-2020-12114.json index d15c2a7f484..15030dcc7f8 100644 --- a/2020/12xxx/CVE-2020-12114.json +++ b/2020/12xxx/CVE-2020-12114.json @@ -116,6 +116,11 @@ "refsource": "UBUNTU", "name": "USN-4390-1", "url": "https://usn.ubuntu.com/4390-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4391-1", + "url": "https://usn.ubuntu.com/4391-1/" } ] } diff --git a/2020/12xxx/CVE-2020-12464.json b/2020/12xxx/CVE-2020-12464.json index fb6c117d0f0..1ab9af1190e 100644 --- a/2020/12xxx/CVE-2020-12464.json +++ b/2020/12xxx/CVE-2020-12464.json @@ -131,6 +131,11 @@ "refsource": "UBUNTU", "name": "USN-4390-1", "url": "https://usn.ubuntu.com/4390-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4391-1", + "url": "https://usn.ubuntu.com/4391-1/" } ] } diff --git a/2020/12xxx/CVE-2020-12769.json b/2020/12xxx/CVE-2020-12769.json index 2ace2f9dd05..c3bd7273684 100644 --- a/2020/12xxx/CVE-2020-12769.json +++ b/2020/12xxx/CVE-2020-12769.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0801", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4391-1", + "url": "https://usn.ubuntu.com/4391-1/" } ] } diff --git a/2020/12xxx/CVE-2020-12826.json b/2020/12xxx/CVE-2020-12826.json index 5334f3bae2f..b7c20d0814e 100644 --- a/2020/12xxx/CVE-2020-12826.json +++ b/2020/12xxx/CVE-2020-12826.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4391-1", + "url": "https://usn.ubuntu.com/4391-1/" } ] } diff --git a/2020/14xxx/CVE-2020-14943.json b/2020/14xxx/CVE-2020-14943.json index a7102be7a5a..0ba1b1a5082 100644 --- a/2020/14xxx/CVE-2020-14943.json +++ b/2020/14xxx/CVE-2020-14943.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14943", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14943", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14943%20-%20Stored%20XSS.md", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14943%20-%20Stored%20XSS.md" } ] } diff --git a/2020/14xxx/CVE-2020-14944.json b/2020/14xxx/CVE-2020-14944.json index 7fb48f3669c..559120522e7 100644 --- a/2020/14xxx/CVE-2020-14944.json +++ b/2020/14xxx/CVE-2020-14944.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14944", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14944", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md" } ] } diff --git a/2020/14xxx/CVE-2020-14945.json b/2020/14xxx/CVE-2020-14945.json index 44379293cae..81b24c17560 100644 --- a/2020/14xxx/CVE-2020-14945.json +++ b/2020/14xxx/CVE-2020-14945.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14945", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14945", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md" } ] } diff --git a/2020/14xxx/CVE-2020-14946.json b/2020/14xxx/CVE-2020-14946.json index cb29b0f0e97..f6168644d14 100644 --- a/2020/14xxx/CVE-2020-14946.json +++ b/2020/14xxx/CVE-2020-14946.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14946", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14946", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14946%20-%20Local%20File%20Inclusion.md", + "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14946%20-%20Local%20File%20Inclusion.md" } ] }