diff --git a/2013/7xxx/CVE-2013-7286.json b/2013/7xxx/CVE-2013-7286.json index baeac80c97a..0c69ebde33b 100644 --- a/2013/7xxx/CVE-2013-7286.json +++ b/2013/7xxx/CVE-2013-7286.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7286", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://seclists.org/fulldisclosure/2014/Apr/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Apr/21" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92352", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92352" } ] } diff --git a/2014/3xxx/CVE-2014-3860.json b/2014/3xxx/CVE-2014-3860.json index a5714a67db5..e5ed3360d78 100644 --- a/2014/3xxx/CVE-2014-3860.json +++ b/2014/3xxx/CVE-2014-3860.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3860", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/126882/Xilisoft-Video-Converter-Ultimate-7.8.1-build-20140505-DLL-Hijacking.html" } ] } diff --git a/2018/14xxx/CVE-2018-14553.json b/2018/14xxx/CVE-2018-14553.json index ca471e7a3f8..7bfad2e090c 100644 --- a/2018/14xxx/CVE-2018-14553.json +++ b/2018/14xxx/CVE-2018-14553.json @@ -62,11 +62,6 @@ "name": "https://github.com/libgd/libgd/pull/580", "url": "https://github.com/libgd/libgd/pull/580" }, - { - "refsource": "MISC", - "name": "https://github.com/fcabralpacheco/libgd/commit/441cbfed60ebf6cb63b8ce120ed0a82b15e7aaf8", - "url": "https://github.com/fcabralpacheco/libgd/commit/441cbfed60ebf6cb63b8ce120ed0a82b15e7aaf8" - }, { "refsource": "MISC", "name": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f", diff --git a/2019/11xxx/CVE-2019-11867.json b/2019/11xxx/CVE-2019-11867.json index 4a20927c3e3..fb12ffe9f5a 100644 --- a/2019/11xxx/CVE-2019-11867.json +++ b/2019/11xxx/CVE-2019-11867.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11867", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11867", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://downwithup.github.io/CVEPosts.html", + "url": "https://downwithup.github.io/CVEPosts.html" + }, + { + "url": "https://www.realtek.cz/realtek-network-drivers.html", + "refsource": "MISC", + "name": "https://www.realtek.cz/realtek-network-drivers.html" } ] } diff --git a/2019/16xxx/CVE-2019-16336.json b/2019/16xxx/CVE-2019-16336.json new file mode 100644 index 00000000000..b3a5cc05a30 --- /dev/null +++ b/2019/16xxx/CVE-2019-16336.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.cypress.com/thread/48573", + "refsource": "MISC", + "name": "https://community.cypress.com/thread/48573" + }, + { + "refsource": "MISC", + "name": "https://asset-group.github.io/disclosures/sweyntooth/", + "url": "https://asset-group.github.io/disclosures/sweyntooth/" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=Iw8sIBLWE_w", + "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8945.json b/2020/8xxx/CVE-2020-8945.json new file mode 100644 index 00000000000..07d8571f698 --- /dev/null +++ b/2020/8xxx/CVE-2020-8945.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/proglottis/gpgme/pull/23", + "refsource": "MISC", + "name": "https://github.com/proglottis/gpgme/pull/23" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1795838" + }, + { + "url": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1", + "refsource": "MISC", + "name": "https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1" + }, + { + "url": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1", + "refsource": "MISC", + "name": "https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8946.json b/2020/8xxx/CVE-2020-8946.json new file mode 100644 index 00000000000..94914b2154a --- /dev/null +++ b/2020/8xxx/CVE-2020-8946.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/02/netis-authenticated-rce-on-wf2471.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/02/netis-authenticated-rce-on-wf2471.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8947.json b/2020/8xxx/CVE-2020-8947.json new file mode 100644 index 00000000000..10d5fa8017b --- /dev/null +++ b/2020/8xxx/CVE-2020-8947.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://engindemirbilek.github.io/pandorafms-rce", + "refsource": "MISC", + "name": "https://engindemirbilek.github.io/pandorafms-rce" + }, + { + "url": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/pandorafms-rce.html", + "refsource": "MISC", + "name": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/pandorafms-rce.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8948.json b/2020/8xxx/CVE-2020-8948.json new file mode 100644 index 00000000000..13ee4821a5c --- /dev/null +++ b/2020/8xxx/CVE-2020-8948.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8948", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file