From eb87ddfbbcaebfe93b30b5ddfcad6708921a6f4b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 22 Jan 2020 15:01:03 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2011/3xxx/CVE-2011-3582.json | 50 ++++++++++++++++++++++++++--
 2018/10xxx/CVE-2018-10899.json | 15 +++++++++
 2019/18xxx/CVE-2019-18583.json | 18 ++++++++++
 2019/18xxx/CVE-2019-18584.json | 18 ++++++++++
 2019/18xxx/CVE-2019-18585.json | 18 ++++++++++
 2019/18xxx/CVE-2019-18586.json | 18 ++++++++++
 2020/6xxx/CVE-2020-6959.json | 50 ++++++++++++++++++++++++++--
 2020/6xxx/CVE-2020-6960.json | 50 ++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7228.json | 61 ++++++++++++++++++++++++++++++----
 9 files changed, 283 insertions(+), 15 deletions(-)
 create mode 100644 2019/18xxx/CVE-2019-18583.json
 create mode 100644 2019/18xxx/CVE-2019-18584.json
 create mode 100644 2019/18xxx/CVE-2019-18585.json
 create mode 100644 2019/18xxx/CVE-2019-18586.json
diff --git a/2011/3xxx/CVE-2011-3582.json b/2011/3xxx/CVE-2011-3582.json
index 2d0a1b22181..0b3304f6e4c 100644
--- a/2011/3xxx/CVE-2011-3582.json
+++ b/2011/3xxx/CVE-2011-3582.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-3582",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Electron Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Advanced Electron Forums (AEF)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 1.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSRF"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/09/30/3",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/09/30/3"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10899.json b/2018/10xxx/CVE-2018-10899.json
index 782016d9f6d..5f08f15efd6 100644
--- a/2018/10xxx/CVE-2018-10899.json
+++ b/2018/10xxx/CVE-2018-10899.json
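Review bot: In 2011/3xxx/CVE-2011-3582.json the new `problemtype` entry carries only the free-text value `"CSRF"`, so tooling that groups or filters records by CWE identifier will not classify this record. The description added in the same hunk spells the weakness out as Cross-site Request Forgery, which corresponds to CWE-352; `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"` keeps the human label and adds the identifier. The first hunk of this file has a similar free-text field, `"version_value": "through 1.0.9"`, which range-matching consumers have to parse as prose.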
@@ -83,6 +83,21 @@
 "refsource": "MLIST",
 "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899",
 "url": "https://lists.apache.org/thread.html/rdb0a59d7851e721b75beea13d6488e345a3e2735838e89d9269d7d32@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20200122 [jira] [Commented] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899",
+ "url": "https://lists.apache.org/thread.html/r64701caec91c43efd7416d6bddef88447371101e00e8562741ede262@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20200122 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899",
+ "url": "https://lists.apache.org/thread.html/r46f6dbc029f49e1f638c6eb82accb94b7f990d818cb3b3bc0007dd0a@%3Cissues.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899",
+ "url": "https://lists.apache.org/thread.html/r67cdc50af9caf89c9ebe1bde08393a343dcd89edba1c63677f68f43b@%3Cissues.activemq.apache.org%3E"
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18583.json b/2019/18xxx/CVE-2019-18583.json
new file mode 100644
index 00000000000..6799c4adccf
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18583.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18583",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18584.json b/2019/18xxx/CVE-2019-18584.json
new file mode 100644
index 00000000000..22be8b61480
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18584.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18584",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18585.json b/2019/18xxx/CVE-2019-18585.json
new file mode 100644
index 00000000000..5394b48462b
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18585.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18585",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18586.json b/2019/18xxx/CVE-2019-18586.json
new file mode 100644
index 00000000000..d467ba53bf8
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18586.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18586",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6959.json b/2020/6xxx/CVE-2020-6959.json
index ed743b88aa6..6bf5e85aab2 100644
--- a/2020/6xxx/CVE-2020-6959.json
+++ b/2020/6xxx/CVE-2020-6959.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6959",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Honeywell Maxpro VMS & NVR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6960.json b/2020/6xxx/CVE-2020-6960.json
index 3c4e0ae98c3..5fb854ea313 100644
--- a/2020/6xxx/CVE-2020-6960.json
+++ b/2020/6xxx/CVE-2020-6960.json
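Review bot: In 2020/6xxx/CVE-2020-6959.json the added `affects` block sets `"vendor_name": "n/a"` although `product_name` in the same block names Honeywell, and the entire affected-version list is packed into a single `version_value` string. Scanners and asset inventories that match on the structured vendor, product and version fields are likely to miss this record, which matters for an issue the description rates as unauthenticated remote code execution. Use `"vendor_name": "Honeywell",` and give each listed product its own `product_data` entry with a short value such as `"version_value": "prior to Version VMS560 Build 595 T2-Patch"`. The hunk for 2020/6xxx/CVE-2020-6960.json has the same two problems.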
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6960",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Honeywell Maxpro VMS & NVR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7228.json b/2020/7xxx/CVE-2020-7228.json
index ecc96b9c58c..9a602492c88 100644
--- a/2020/7xxx/CVE-2020-7228.json
+++ b/2020/7xxx/CVE-2020-7228.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7228",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7228",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/calculated-fields-form/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/calculated-fields-form/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://spider-security.co.uk/blog-cve-2020-7228",
+ "url": "https://spider-security.co.uk/blog-cve-2020-7228"
 }
 ]
 }
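Review bot: The `affects` block and the `problemtype` value added in 2020/7xxx/CVE-2020-7228.json are all `n/a`, while the description in the same hunk names the product (the Calculated Fields Form plugin for WordPress), the affected range (through 1.0.353) and the weakness class (Stored XSS). Anything that consumes the structured fields rather than the prose gets no product, version or weakness for this record. Fill them from the description, for example `"product_name": "Calculated Fields Form"`, `"version_value": "through 1.0.353"` and a `problemtype` value of `"CWE-79"`. The reordering of the top-level keys in this hunk is harmless, since JSON key order carries no meaning.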