diff --git a/2017/18xxx/CVE-2017-18640.json b/2017/18xxx/CVE-2017-18640.json
index 136c5a5bc0e..59b90af0c0f 100644
--- a/2017/18xxx/CVE-2017-18640.json
+++ b/2017/18xxx/CVE-2017-18640.json
@@ -191,6 +191,16 @@
 "refsource": "MLIST",
 "name": "[atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
 "url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix",
+ "url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix",
+ "url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11765.json b/2018/11xxx/CVE-2018-11765.json
index 88991f28cf7..c0e5199b162 100644
--- a/2018/11xxx/CVE-2018-11765.json
+++ b/2018/11xxx/CVE-2018-11765.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-11765",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-11765",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Hadoop",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache Hadoop 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/r2c7f899911a04164ed1707083fcd4135f8427e04778c87d83509b0da%40%3Cgeneral.hadoop.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r2c7f899911a04164ed1707083fcd4135f8427e04778c87d83509b0da%40%3Cgeneral.hadoop.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled."
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15947.json b/2019/15xxx/CVE-2019-15947.json
index 9664e7f8e41..48f9e7ce0b4 100644
--- a/2019/15xxx/CVE-2019-15947.json
+++ b/2019/15xxx/CVE-2019-15947.json
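Review bot: `vendor_name` is left as `"n/a"` in the new `affects` block even though the assigner is security@apache.org and the product is Apache Hadoop, so tooling that groups or matches records by vendor will not tie this entry to Apache; something like `"vendor_name": "Apache Software Foundation"` would fix that. The single `version_value` string also packs three separate ranges into free text, which a scanner cannot compare against an installed version; one `version_data` entry per range would be easier to consume. The CVE-2020-13951 (OpenMeetings) and CVE-2020-13953 (Tapestry) hunks further down have the same `"n/a"` vendor and a free-text range. The description says servlets are reachable without authentication, so a problem type naming the missing authentication would arguably be more precise than "Information Disclosure", though that is a judgement call.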
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://github.com/bitcoin/bitcoin/issues/16824",
 "url": "https://github.com/bitcoin/bitcoin/issues/16824"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202009-18",
+ "url": "https://security.gentoo.org/glsa/202009-18"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18989.json b/2019/18xxx/CVE-2019-18989.json
new file mode 100644
index 00000000000..da089003f7f
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18989.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18989",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/",
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18990.json b/2019/18xxx/CVE-2019-18990.json
new file mode 100644
index 00000000000..1d8833dfd55
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18990.json
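Review bot: The new `impact.cvss` object carries a `vectorString` and the individual metrics but no `baseScore` or `baseSeverity`, so every consumer has to recompute the score from the vector, and validators built on the CVSS v3.0 JSON schema (which, as far as I recall, lists both fields as required) may reject the block. The vector is also written in non-preferred metric order; it parses, but `CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N` is the preferred form. Separately, `product_name`, `version_value`, `vendor_name` and the problem type are all `"n/a"` although the description names the Mediatek MT7620N 1.06 and calls the issue an authentication bypass, which leaves the record unmatchable by product or weakness class. The CVE-2019-18990 and CVE-2019-18991 files added below have the same `cvss` block, and the `"n/a"` placeholders recur in the CVE-2020-15487, CVE-2020-19670, CVE-2020-19672, CVE-2020-19676, CVE-2020-21244 and CVE-2020-21522 to CVE-2020-21525 hunks.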
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18990",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/",
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18991.json b/2019/18xxx/CVE-2019-18991.json
new file mode 100644
index 00000000000..98f598a34f7
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18991.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18991",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/",
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10663.json b/2020/10xxx/CVE-2020-10663.json
index 03f985d1653..efcb307ba9d 100644
--- a/2020/10xxx/CVE-2020-10663.json
+++ b/2020/10xxx/CVE-2020-10663.json
@@ -101,6 +101,21 @@
 "refsource": "MLIST",
 "name": "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
 "url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
+ "url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
+ "url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
+ "url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12113.json b/2020/12xxx/CVE-2020-12113.json
index d4d4b678ac4..a04dd74b056 100644
--- a/2020/12xxx/CVE-2020-12113.json
+++ b/2020/12xxx/CVE-2020-12113.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/bigbluebutton/bigbluebutton/pull/9017",
 "refsource": "MISC",
 "name": "https://github.com/bigbluebutton/bigbluebutton/pull/9017"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.sakshamanand.com/cve-2020-12113/",
+ "url": "https://www.sakshamanand.com/cve-2020-12113/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12505.json b/2020/12xxx/CVE-2020-12505.json
index 4b593c0b171..3b50ae2be67 100644
--- a/2020/12xxx/CVE-2020-12505.json
+++ b/2020/12xxx/CVE-2020-12505.json
@@ -113,7 +113,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication.\nThis issue affects:\nWAGO 750-852\nversion FW07 and prior versions.\nWAGO 750-880/xxx-xxx\nversion FW07 and prior versions.\nWAGO 750-881\nversion FW07 and prior versions.\nWAGO 750-831/xxx-xxx\nversion FW07 and prior versions.\nWAGO 750-882\nversion FW07 and prior versions.\nWAGO 750-885/xxx-xxx\nversion FW07 and prior versions.\nWAGO 750-889\nversion FW07 and prior versions."
+ "value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions."
 }
 ]
 },
diff --git a/2020/12xxx/CVE-2020-12506.json b/2020/12xxx/CVE-2020-12506.json
index a9309e7ff84..f05e027f745 100644
--- a/2020/12xxx/CVE-2020-12506.json
+++ b/2020/12xxx/CVE-2020-12506.json
@@ -113,7 +113,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication\nThis issue affects:\nWAGO 750-362\nversion FW03 and prior versions.\nWAGO 750-363\nversion FW03 and prior versions.\nWAGO 750-823\nversion FW03 and prior versions.\nWAGO 750-832/xxx-xxx\nversion FW03 and prior versions.\nWAGO 750-862\nversion FW03 and prior versions.\nWAGO 750-891\nversion FW03 and prior versions.\nWAGO 750-890/xxx-xxx\nversion FW03 and prior versions."
+ "value": "Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version FW03 and prior versions. WAGO 750-823 version FW03 and prior versions. WAGO 750-832/xxx-xxx version FW03 and prior versions. WAGO 750-862 version FW03 and prior versions. WAGO 750-891 version FW03 and prior versions. WAGO 750-890/xxx-xxx version FW03 and prior versions."
 }
 ]
 },
diff --git a/2020/12xxx/CVE-2020-12811.json b/2020/12xxx/CVE-2020-12811.json
index 775681724cf..47073902877 100644
--- a/2020/12xxx/CVE-2020-12811.json
+++ b/2020/12xxx/CVE-2020-12811.json
@@ -19,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 ; FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3"
+ "version_value": "FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 ; FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13951.json b/2020/13xxx/CVE-2020-13951.json
index 393c3bf8923..ce7d4f84dcf 100644
--- a/2020/13xxx/CVE-2020-13951.json
+++ b/2020/13xxx/CVE-2020-13951.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13951",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache OpenMeetings",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache OpenMeetings 4.0.0 - 5.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack."
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13953.json b/2020/13xxx/CVE-2020-13953.json
index b7289443158..72194a3b02b 100644
--- a/2020/13xxx/CVE-2020-13953.json
+++ b/2020/13xxx/CVE-2020-13953.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13953",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Tapestry",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache Tapestry from 5.4.0 to 5.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14198.json b/2020/14xxx/CVE-2020-14198.json
index 0fb1955d390..9e874c04d50 100644
--- a/2020/14xxx/CVE-2020-14198.json
+++ b/2020/14xxx/CVE-2020-14198.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/bitcoin/bitcoin/commits/master",
 "refsource": "MISC",
 "name": "https://github.com/bitcoin/bitcoin/commits/master"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202009-18",
+ "url": "https://security.gentoo.org/glsa/202009-18"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14342.json b/2020/14xxx/CVE-2020-14342.json
index 8b109739335..bf88b6779a2 100644
--- a/2020/14xxx/CVE-2020-14342.json
+++ b/2020/14xxx/CVE-2020-14342.json
@@ -58,6 +58,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202009-16",
 "url": "https://security.gentoo.org/glsa/202009-16"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1579",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00109.html"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14390.json b/2020/14xxx/CVE-2020-14390.json
index 5f0e3fcd829..093755677c9 100644
--- a/2020/14xxx/CVE-2020-14390.json
+++ b/2020/14xxx/CVE-2020-14390.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Linux Kernel",
+ "product_name": "kernel",
 "version": {
 "version_data": [
 {
- "version_value": "2.2.3 to 5.9.rc5"
+ "version_value": "Linux kernel versions before 5.9-rc6"
 }
 ]
 }
@@ -46,23 +46,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://seclists.org/oss-sec/2020/q3/174",
- "url": "https://seclists.org/oss-sec/2020/q3/174"
- },
- {
- "refsource": "MISC",
- "name": "https://www.openwall.com/lists/oss-security/2020/09/15/2",
- "url": "https://www.openwall.com/lists/oss-security/2020/09/15/2"
- },
- {
- "refsource": "MISC",
- "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50145474f6ef4a9c19205b173da6264a644c7489",
- "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50145474f6ef4a9c19205b173da6264a644c7489"
- },
- {
- "refsource": "MLIST",
- "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
- "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1876788",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876788"
 }
 ]
 },
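Review bot: The CVE-2020-14390 references hunk (`@@ -46,23 +46,8 @@`) deletes four existing links, including the upstream fix commit on git.kernel.org and the Debian LTS announcement, and leaves only the Red Hat Bugzilla entry. Defenders use the fix-commit link to confirm whether a backport is present in their kernel, so the Bugzilla reference should be added alongside the existing entries rather than replace them. The `@@ -15,11 +15,11 @@` hunk likewise swaps the range `2.2.3 to 5.9.rc5` for the free-text `Linux kernel versions before 5.9-rc6`, dropping the lower bound. If the removals are a side effect of a resubmission overwriting the record, which is how it looks from here, that is worth confirming before this is merged.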
@@ -70,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability."
+ "value": "A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15487.json b/2020/15xxx/CVE-2020-15487.json
index 74d99408f36..50905491c69 100644
--- a/2020/15xxx/CVE-2020-15487.json
+++ b/2020/15xxx/CVE-2020-15487.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15487",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15487",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.re-desk.com/download-help-desk-software.html",
+ "refsource": "MISC",
+ "name": "https://www.re-desk.com/download-help-desk-software.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/",
+ "url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19670.json b/2020/19xxx/CVE-2020-19670.json
index fad97ec2151..530041b2201 100644
--- a/2020/19xxx/CVE-2020-19670.json
+++ b/2020/19xxx/CVE-2020-19670.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19670",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19670",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bluecity/CMS/blob/master/niushop%20v1.11-passwd/Niushop%20V1.11.md",
+ "refsource": "MISC",
+ "name": "https://github.com/bluecity/CMS/blob/master/niushop%20v1.11-passwd/Niushop%20V1.11.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19672.json b/2020/19xxx/CVE-2020-19672.json
index 5a097709fe6..d229d8c5323 100644
--- a/2020/19xxx/CVE-2020-19672.json
+++ b/2020/19xxx/CVE-2020-19672.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19672",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19672",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bluecity/CMS/blob/master/niushop%20v1.1-upload/Niushop%20Multi-business%20V1.11-en.md",
+ "refsource": "MISC",
+ "name": "https://github.com/bluecity/CMS/blob/master/niushop%20v1.1-upload/Niushop%20Multi-business%20V1.11-en.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19676.json b/2020/19xxx/CVE-2020-19676.json
index b2dc59eb145..4c39f8d5126 100644
--- a/2020/19xxx/CVE-2020-19676.json
+++ b/2020/19xxx/CVE-2020-19676.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19676",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19676",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/alibaba/nacos/issues/2284",
+ "refsource": "MISC",
+ "name": "https://github.com/alibaba/nacos/issues/2284"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21244.json b/2020/21xxx/CVE-2020-21244.json
index 78373cbe582..79ef1dfa5b2 100644
--- a/2020/21xxx/CVE-2020-21244.json
+++ b/2020/21xxx/CVE-2020-21244.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21244",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21244",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/FrontAccountingERP/FA/issues/40",
+ "refsource": "MISC",
+ "name": "https://github.com/FrontAccountingERP/FA/issues/40"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21522.json b/2020/21xxx/CVE-2020-21522.json
index 41de22e6dff..96651437f1f 100644
--- a/2020/21xxx/CVE-2020-21522.json
+++ b/2020/21xxx/CVE-2020-21522.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21522",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21522",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/halo-dev/halo/issues/418",
+ "refsource": "MISC",
+ "name": "https://github.com/halo-dev/halo/issues/418"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21523.json b/2020/21xxx/CVE-2020-21523.json
index 524693cfa11..233afd41b73 100644
--- a/2020/21xxx/CVE-2020-21523.json
+++ b/2020/21xxx/CVE-2020-21523.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21523",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21523",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test=\"freemarker.template.utility.Execute\"?new()> ${test(\"touch /tmp/freemarkerPwned\")}"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/halo-dev/halo/issues/419",
+ "refsource": "MISC",
+ "name": "https://github.com/halo-dev/halo/issues/419"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21524.json b/2020/21xxx/CVE-2020-21524.json
index 5bdc3eeadf9..868b0e75570 100644
--- a/2020/21xxx/CVE-2020-21524.json
+++ b/2020/21xxx/CVE-2020-21524.json
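Review bot: The new `description` value for CVE-2020-21523 ends with a literal FreeMarker proof-of-concept expression (everything after `exp:`), so the record now carries template syntax inside a field that dashboards, ticketing integrations and report generators commonly render. Consumers should treat `description` as untrusted text and escape it for HTML and for any template engine it passes through. For the record itself, ending the description at "rendered in the background." and leaving the proof of concept to the linked issue (halo-dev/halo issue 419) would keep the same information reachable without embedding it. The next hunk, CVE-2020-21524, similarly appends an `exp:` URL that only repeats its single reference.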
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21524",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21524",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. exp:https://github.com/halo-dev/halo/issues/423"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/halo-dev/halo/issues/423",
+ "refsource": "MISC",
+ "name": "https://github.com/halo-dev/halo/issues/423"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21525.json b/2020/21xxx/CVE-2020-21525.json
index f6291bd372d..455367ed0e3 100644
--- a/2020/21xxx/CVE-2020-21525.json
+++ b/2020/21xxx/CVE-2020-21525.json
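Review bot: The description's `it is not used for security defense` does not say which protection is missing, and the trailing `exp:https://github.com/halo-dev/halo/issues/423` only repeats the URL already present in `reference_data`. Suggested wording: `The WordPress import endpoint (/api/admin/migrations/wordpress) parses uploaded XML without restricting external entities, which can be used to read files, probe internal hosts or cause denial of service.` The "without restricting external entities" part is inferred from the existing sentence rather than from code, so it should be confirmed against the referenced issue before it is adopted.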
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21525", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21525", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/halo-dev/halo/issues/420", + "refsource": "MISC", + "name": "https://github.com/halo-dev/halo/issues/420" } ] } diff --git a/2020/21xxx/CVE-2020-21526.json b/2020/21xxx/CVE-2020-21526.json index 8ec5cff3e40..9fe0c1ac604 100644 --- a/2020/21xxx/CVE-2020-21526.json +++ b/2020/21xxx/CVE-2020-21526.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21526", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21526", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/halo-dev/halo/issues/421", + "refsource": "MISC", + "name": "https://github.com/halo-dev/halo/issues/421" } ] } diff --git a/2020/21xxx/CVE-2020-21527.json b/2020/21xxx/CVE-2020-21527.json index 65c1a33dee7..f66b97e6e14 100644 --- a/2020/21xxx/CVE-2020-21527.json +++ b/2020/21xxx/CVE-2020-21527.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21527", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21527", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/halo-dev/halo/issues/422", + "refsource": "MISC", + "name": "https://github.com/halo-dev/halo/issues/422" } ] } diff --git a/2020/21xxx/CVE-2020-21564.json b/2020/21xxx/CVE-2020-21564.json index 83b1af44c48..5e1edff18ea 100644 --- a/2020/21xxx/CVE-2020-21564.json +++ b/2020/21xxx/CVE-2020-21564.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21564", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21564", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Pluck CMS v4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pluck-cms/pluck/issues/91", + "refsource": "MISC", + "name": "https://github.com/pluck-cms/pluck/issues/91" } ] } diff --git a/2020/22xxx/CVE-2020-22842.json b/2020/22xxx/CVE-2020-22842.json index dd789fdb7cb..03823150754 100644 --- a/2020/22xxx/CVE-2020-22842.json +++ b/2020/22xxx/CVE-2020-22842.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22842", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22842", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12291", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12291" } ] } diff --git a/2020/24xxx/CVE-2020-24721.json b/2020/24xxx/CVE-2020-24721.json index 6a8ad648427..1faf41e89d8 100644 --- a/2020/24xxx/CVE-2020-24721.json +++ b/2020/24xxx/CVE-2020-24721.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24721", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24721", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the GAEN (aka Google Apple Encounter Notification) protocol through 2020-08-27, as used in Corona applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or dis-proving an encounter notification." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.google/inside-google/company-announcements/update-exposure-notifications", + "refsource": "MISC", + "name": "https://blog.google/inside-google/company-announcements/update-exposure-notifications" + }, + { + "refsource": "MISC", + "name": "https://github.com/minvws/nl-covid19-notification-app-coordination/blob/master/CVEs/CVE-2020-24721.txt", + "url": "https://github.com/minvws/nl-covid19-notification-app-coordination/blob/master/CVEs/CVE-2020-24721.txt" + }, + { + "refsource": "FULLDISC", + "name": "FULLDISC: 20200929 CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]", + "url": "https://seclists.org/fulldisclosure/2020/Sep/53" } ] } diff --git a/2020/25xxx/CVE-2020-25775.json b/2020/25xxx/CVE-2020-25775.json index 14c925a9ab1..b4a9949ae24 100644 --- a/2020/25xxx/CVE-2020-25775.json +++ b/2020/25xxx/CVE-2020-25775.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\ufffds secure erase feature to delete files with a higher set of privileges." + "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges." } ] }, diff --git a/2020/26xxx/CVE-2020-26155.json b/2020/26xxx/CVE-2020-26155.json new file mode 100644 index 00000000000..c889aaf8a72 --- /dev/null +++ b/2020/26xxx/CVE-2020-26155.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26155", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26156.json b/2020/26xxx/CVE-2020-26156.json new file mode 100644 index 00000000000..5a02ad32ee4 --- /dev/null +++ b/2020/26xxx/CVE-2020-26156.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26157.json b/2020/26xxx/CVE-2020-26157.json new file mode 100644 index 00000000000..25d5a76a2ee --- /dev/null +++ b/2020/26xxx/CVE-2020-26157.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-26157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/leanote/desktop-app/issues/353", + "refsource": "MISC", + "name": "https://github.com/leanote/desktop-app/issues/353" + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26158.json b/2020/26xxx/CVE-2020-26158.json new file mode 100644 index 00000000000..0e8a7582b51 --- /dev/null +++ b/2020/26xxx/CVE-2020-26158.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-26158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/leanote/desktop-app/issues/353", + "refsource": "MISC", + "name": "https://github.com/leanote/desktop-app/issues/353" + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26159.json b/2020/26xxx/CVE-2020-26159.json index 658d0ebc61f..fe824044ff7 100644 --- a/2020/26xxx/CVE-2020-26159.json +++ b/2020/26xxx/CVE-2020-26159.json 
@@ -1,66 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2020-26159",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-26159",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/kkos/oniguruma/issues/207",
- "refsource": "MISC",
- "name": "https://github.com/kkos/oniguruma/issues/207"
- },
- {
- "url": "https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0",
- "refsource": "MISC",
- "name": "https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26161.json b/2020/26xxx/CVE-2020-26161.json
new file mode 100644
index 00000000000..d9159988904
--- /dev/null
+++ b/2020/26xxx/CVE-2020-26161.json
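Review bot: Reverting a published record to `"STATE": "RESERVED"` gives downstream consumers no signal about why the Oniguruma entry disappeared, because the generic reserved text replaces the description and both references are dropped. If the ID was withdrawn or disputed, the record should say so explicitly with `"STATE": "REJECT"` and a `** REJECT **` description stating the reason; the diff does not show which case applies. Anyone who ingested the earlier PUBLIC version should keep the removed pointer to commit `cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0` until the status is clarified, since it is the only link from this ID to the upstream change.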
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26162.json b/2020/26xxx/CVE-2020-26162.json new file mode 100644 index 00000000000..e2f2576f4eb --- /dev/null +++ b/2020/26xxx/CVE-2020-26162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26163.json b/2020/26xxx/CVE-2020-26163.json new file mode 100644 index 00000000000..1814655dcbc --- /dev/null +++ b/2020/26xxx/CVE-2020-26163.json 
@@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-26163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sakshamanand.com/host-header-injection-bigbluebutton/", + "refsource": "MISC", + "name": "https://www.sakshamanand.com/host-header-injection-bigbluebutton/" + }, + { + "url": "https://github.com/bigbluebutton/greenlight/releases/tag/release-2.5.6", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/greenlight/releases/tag/release-2.5.6" + }, + { + "url": "https://github.com/bigbluebutton/greenlight/pull/1543", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/greenlight/pull/1543" + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26164.json b/2020/26xxx/CVE-2020-26164.json new file mode 100644 index 00000000000..e52f2e75979 --- /dev/null +++ b/2020/26xxx/CVE-2020-26164.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26165.json b/2020/26xxx/CVE-2020-26165.json new file mode 100644 index 00000000000..491a8442d42 --- /dev/null +++ b/2020/26xxx/CVE-2020-26165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26166.json b/2020/26xxx/CVE-2020-26166.json new file mode 100644 index 00000000000..95c7f7da13a --- /dev/null +++ b/2020/26xxx/CVE-2020-26166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/4xxx/CVE-2020-4629.json b/2020/4xxx/CVE-2020-4629.json
index 442139a7de0..579aec652ba 100644
--- a/2020/4xxx/CVE-2020-4629.json
+++ b/2020/4xxx/CVE-2020-4629.json
@@ -1,99 +1,99 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370." - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-09-29T00:00:00", - "ID" : "CVE-2020-4629" - }, - "data_version" : "4.0", - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370." 
} - ] - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6339255", - "title" : "IBM Security Bulletin 6339255 (WebSphere Application Server)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6339255" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185370", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-was-cve20204629-info-disc (185370)" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "UI" : "N", - "AV" : "L", - "C" : "L", - "PR" : "N", - "A" : "N", - "SCORE" : "2.900", - "AC" : "H", - "S" : "U", - "I" : "N" - } - } - } -} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-09-29T00:00:00", + "ID": "CVE-2020-4629" + }, + "data_version": "4.0", + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6339255", + "title": "IBM Security Bulletin 6339255 (WebSphere Application Server)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6339255" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185370", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-was-cve20204629-info-disc (185370)" + } + ] + }, + "impact": { + 
"cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "UI": "N", + "AV": "L", + "C": "L", + "PR": "N", + "A": "N", + "SCORE": "2.900", + "AC": "H", + "S": "U", + "I": "N" + } + } + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5132.json b/2020/5xxx/CVE-2020-5132.json index 62d6109436d..5775376cac4 100644 --- a/2020/5xxx/CVE-2020-5132.json +++ b/2020/5xxx/CVE-2020-5132.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@sonicwall.com", - "ID": "CVE-2020-5132", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SMA100", - "version": { - "version_data": [ - { - "version_value": "SMA100 10.2.0.2-20sv" - } - ] + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2020-5132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SMA100", + "version": { + "version_data": [ + { + "version_value": "SMA100 10.2.0.2-20sv" + } + ] + } + }, + { + "product_name": "SMA1000", + "version": { + "version_data": [ + { + "version_value": "SMA1000 12.4.0-2223" + } + ] + } + }, + { + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_value": "SonicOS 6.5.4.6-79n" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" } - }, - { - "product_name": "SMA1000", - "version": { - "version_data": [ - { - "version_value": "SMA1000 12.4.0-2223" - } - ] - } - }, - { - "product_name": "SonicOS", - "version": { - "version_data": [ - { - "version_value": "SonicOS 6.5.4.6-79n" - } - ] - } - } ] - }, - "vendor_name": "SonicWall" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization\u2019s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006", - "refsource": "CONFIRM", - "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006" - } - ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006" + } + ] + } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5913.json b/2020/5xxx/CVE-2020-5913.json index a6bb483300e..6473c0fb914 100644 --- a/2020/5xxx/CVE-2020-5913.json +++ b/2020/5xxx/CVE-2020-5913.json @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "MitM" + "value": "BIG-IP SSL/TLS CRL vulnerability" } ] } 
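Review bot: `"ASSIGNER"` changes from `psirt@sonicwall.com` to `PSIRT@sonicwall.com` in a hunk that otherwise only re-indents the file, while the other records in this diff keep the assigner lower-case (`cve@mitre.org`, `psirt@us.ibm.com`). Tooling that groups or filters records by assigner with a case-sensitive comparison will treat this as a different CNA; keep `"ASSIGNER": "psirt@sonicwall.com"`. Re-indenting all 82 lines in the same change also buries the two real edits (this one and the `\u2019` escape in the description), so the whitespace change would be better landed on its own.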
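Review bot: The new problemtype value `BIG-IP SSL/TLS CRL vulnerability` names the product and feature rather than a weakness class, so it cannot be used to group this record with other revocation-checking flaws. A CWE-style value such as `"value": "CWE-299: Improper Check for Certificate Revocation"` matches what the description says (revoked certificates are accepted even when a valid CRL is present) and follows the form used by the SonicWall record in this diff. The second hunk of this file widens the description to the Client SSL profile as well; whether the affected-version data needed a matching change is not visible in these hunks.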
@@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts server-side connections and may result in a man-in-the-middle attack on the connections." + "value": "In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections." } ] } diff --git a/2020/7xxx/CVE-2020-7712.json b/2020/7xxx/CVE-2020-7712.json index dd3bca752b1..07414d4f5b9 100644 --- a/2020/7xxx/CVE-2020-7712.json +++ b/2020/7xxx/CVE-2020-7712.json 
@@ -86,6 +86,41 @@
 "refsource": "MLIST",
 "name": "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
 "url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
+ "url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
+ "url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-dev] 20200930 [jira] [Created] (FLINK-19471) CVE-2020-7712 is reported for flink-streaming-java_2.11:jar:1.11.1",
+ "url": "https://lists.apache.org/thread.html/r9c6d28e5b9a9b3481b7d1f90f1c2f75cd1a5ade91038426e0fb095da@%3Cdev.flink.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-issues] 20200930 [jira] [Created] (FLINK-19471) CVE-2020-7712 is reported for flink-streaming-java_2.11:jar:1.11.1",
+ "url": "https://lists.apache.org/thread.html/r977a907ecbedf87ae5ba47d4c77639efb120f74d4d1b3de14a4ef4da@%3Cissues.flink.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
+ "url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-issues] 20200930 [jira] [Commented] 
(FLINK-19471) CVE-2020-7712 is reported for flink-streaming-java_2.11:jar:1.11.1",
+ "url": "https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2@%3Cissues.flink.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-issues] 20200930 [jira] [Updated] (FLINK-19471) CVE-2020-7712 is reported for flink-streaming-java_2.11:jar:1.11.1",
+ "url": "https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d@%3Cissues.flink.apache.org%3E"
 }
 ]
 },