diff --git a/2020/15xxx/CVE-2020-15701.json b/2020/15xxx/CVE-2020-15701.json index fda1611b261..a8f3c1764de 100644 --- a/2020/15xxx/CVE-2020-15701.json +++ b/2020/15xxx/CVE-2020-15701.json @@ -111,6 +111,11 @@ "refsource": "UBUNTU", "name": "USN-4449-1", "url": "https://usn.ubuntu.com/4449-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4449-2", + "url": "https://usn.ubuntu.com/4449-2/" } ] }, diff --git a/2020/15xxx/CVE-2020-15702.json b/2020/15xxx/CVE-2020-15702.json index 4fc1a4560ed..fe2d70eea9a 100644 --- a/2020/15xxx/CVE-2020-15702.json +++ b/2020/15xxx/CVE-2020-15702.json @@ -111,6 +111,11 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4449-2", + "url": "https://usn.ubuntu.com/4449-2/" } ] }, diff --git a/2020/22xxx/CVE-2020-22158.json b/2020/22xxx/CVE-2020-22158.json index 6db8baa81ba..0df94cc843b 100644 --- a/2020/22xxx/CVE-2020-22158.json +++ b/2020/22xxx/CVE-2020-22158.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22158", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22158", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the \"path\" or \"Services+ID\" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the \"name\" parameter with the malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/02/ericsson-multiple-stored-reflected-xss.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/02/ericsson-multiple-stored-reflected-xss.html" } ] } diff --git a/2020/25xxx/CVE-2020-25375.json b/2020/25xxx/CVE-2020-25375.json index ac7fe97f710..4e85cb543ca 100644 --- a/2020/25xxx/CVE-2020-25375.json +++ b/2020/25xxx/CVE-2020-25375.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2", + "refsource": "MISC", + "name": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2" } ] } diff --git a/2020/25xxx/CVE-2020-25378.json b/2020/25xxx/CVE-2020-25378.json index 086323cae20..e245262270e 100644 --- a/2020/25xxx/CVE-2020-25378.json +++ b/2020/25xxx/CVE-2020-25378.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25378", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25378", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/", + "refsource": "MISC", + "name": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/" } ] } diff --git a/2020/25xxx/CVE-2020-25379.json b/2020/25xxx/CVE-2020-25379.json index 664c930af33..bb555973e0b 100644 --- a/2020/25xxx/CVE-2020-25379.json +++ b/2020/25xxx/CVE-2020-25379.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25379", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25379", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/", + "refsource": "MISC", + "name": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/" } ] } diff --git a/2020/25xxx/CVE-2020-25380.json b/2020/25xxx/CVE-2020-25380.json index 1c0cc37039a..5d521ed8a71 100644 --- a/2020/25xxx/CVE-2020-25380.json +++ b/2020/25xxx/CVE-2020-25380.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25380", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25380", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/", + "refsource": "MISC", + "name": "https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/" } ] }