From fa5d118a21c122bf06b91d218d1800df382a3156 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 20 Apr 2020 17:01:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/18xxx/CVE-2017-18822.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18823.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18824.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18825.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18826.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18827.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18828.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18829.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18830.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18831.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18832.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18833.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18834.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18835.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18836.json | 70 +++++++++++++++++++++++++++++++--- 2017/18xxx/CVE-2017-18837.json | 70 +++++++++++++++++++++++++++++++--- 2020/5xxx/CVE-2020-5264.json | 2 +- 2020/5xxx/CVE-2020-5265.json | 2 +- 2020/5xxx/CVE-2020-5269.json | 2 +- 2020/5xxx/CVE-2020-5270.json | 2 +- 2020/5xxx/CVE-2020-5271.json | 2 +- 2020/5xxx/CVE-2020-5272.json | 2 +- 2020/5xxx/CVE-2020-5276.json | 2 +- 2020/5xxx/CVE-2020-5278.json | 2 +- 2020/5xxx/CVE-2020-5279.json | 2 +- 2020/5xxx/CVE-2020-5285.json | 2 +- 2020/5xxx/CVE-2020-5293.json | 2 +- 27 files changed, 1035 insertions(+), 107 deletions(-) diff --git a/2017/18xxx/CVE-2017-18822.json b/2017/18xxx/CVE-2017-18822.json index cbcb756d2a2..6b513f6f6e9 100644 --- a/2017/18xxx/CVE-2017-18822.json +++ b/2017/18xxx/CVE-2017-18822.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18822", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18822", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049043/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1944", + "url": "https://kb.netgear.com/000049043/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1944" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18823.json b/2017/18xxx/CVE-2017-18823.json index 820d237f0fb..cecbd94ee27 100644 --- a/2017/18xxx/CVE-2017-18823.json +++ b/2017/18xxx/CVE-2017-18823.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18823", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18823", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049042/Security-Advisory-for-Security-Misconfiguration-on-Some-Fully-Managed-Switches-PSV-2017-1943", + "url": "https://kb.netgear.com/000049042/Security-Advisory-for-Security-Misconfiguration-on-Some-Fully-Managed-Switches-PSV-2017-1943" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:N/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18824.json b/2017/18xxx/CVE-2017-18824.json index c0332c6ed71..3220137e5de 100644 --- a/2017/18xxx/CVE-2017-18824.json +++ b/2017/18xxx/CVE-2017-18824.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18824", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18824", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942", + "url": "https://kb.netgear.com/000049041/Security-Advisory-for-Directory-Traversal-on-Some-Fully-Managed-Switches-PSV-2017-1942" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:L/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18825.json b/2017/18xxx/CVE-2017-18825.json index 65da23d6928..f40c4d7249c 100644 --- a/2017/18xxx/CVE-2017-18825.json +++ b/2017/18xxx/CVE-2017-18825.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18825", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18825", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049040/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1941", + "url": "https://kb.netgear.com/000049040/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1941" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18826.json b/2017/18xxx/CVE-2017-18826.json index 9b058738656..278e23fd15e 100644 --- a/2017/18xxx/CVE-2017-18826.json +++ b/2017/18xxx/CVE-2017-18826.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18826", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18826", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049039/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1940", + "url": "https://kb.netgear.com/000049039/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1940" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18827.json b/2017/18xxx/CVE-2017-18827.json index ada964b312e..ece2e8a2e23 100644 --- a/2017/18xxx/CVE-2017-18827.json +++ b/2017/18xxx/CVE-2017-18827.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18827", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18827", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049038/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1939", + "url": "https://kb.netgear.com/000049038/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1939" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18828.json b/2017/18xxx/CVE-2017-18828.json index 68d6488d208..dd44ec93fde 100644 --- a/2017/18xxx/CVE-2017-18828.json +++ b/2017/18xxx/CVE-2017-18828.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18828", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18828", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049033/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1938", + "url": "https://kb.netgear.com/000049033/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1938" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18829.json b/2017/18xxx/CVE-2017-18829.json index 30b29cfdf47..ddc38450053 100644 --- a/2017/18xxx/CVE-2017-18829.json +++ b/2017/18xxx/CVE-2017-18829.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18829", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18829", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049032/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1937", + "url": "https://kb.netgear.com/000049032/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1937" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18830.json b/2017/18xxx/CVE-2017-18830.json index 56f7ce7cb72..f75aa746d02 100644 --- a/2017/18xxx/CVE-2017-18830.json +++ b/2017/18xxx/CVE-2017-18830.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18830", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18830", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049021/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1205", + "url": "https://kb.netgear.com/000049021/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1205" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18831.json b/2017/18xxx/CVE-2017-18831.json index 467e7a04106..a1face95161 100644 --- a/2017/18xxx/CVE-2017-18831.json +++ b/2017/18xxx/CVE-2017-18831.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18831", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18831", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049031/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1952", + "url": "https://kb.netgear.com/000049031/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1952" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18832.json b/2017/18xxx/CVE-2017-18832.json index 62583bf7eb8..30811b3fc8a 100644 --- a/2017/18xxx/CVE-2017-18832.json +++ b/2017/18xxx/CVE-2017-18832.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18832", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18832", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049030/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1954", + "url": "https://kb.netgear.com/000049030/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1954" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18833.json b/2017/18xxx/CVE-2017-18833.json index e9033603e84..03d41e11b3b 100644 --- a/2017/18xxx/CVE-2017-18833.json +++ b/2017/18xxx/CVE-2017-18833.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18833", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18833", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049029/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1955", + "url": "https://kb.netgear.com/000049029/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1955" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18834.json b/2017/18xxx/CVE-2017-18834.json index 1cd8dddd50c..9dfd986aeb7 100644 --- a/2017/18xxx/CVE-2017-18834.json +++ b/2017/18xxx/CVE-2017-18834.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18834", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18834", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049028/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1956", + "url": "https://kb.netgear.com/000049028/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1956" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18835.json b/2017/18xxx/CVE-2017-18835.json index fc49bda5e16..34bbfa5745e 100644 --- a/2017/18xxx/CVE-2017-18835.json +++ b/2017/18xxx/CVE-2017-18835.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18835", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18835", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049027/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1957", + "url": "https://kb.netgear.com/000049027/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1957" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18836.json b/2017/18xxx/CVE-2017-18836.json index 1b70ffe585d..d23bf013845 100644 --- a/2017/18xxx/CVE-2017-18836.json +++ b/2017/18xxx/CVE-2017-18836.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18836", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18836", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049026/Security-Advisory-for-Denial-of-Service-on-Some-Fully-Managed-Switches-PSV-2017-1959", + "url": "https://kb.netgear.com/000049026/Security-Advisory-for-Denial-of-Service-on-Some-Fully-Managed-Switches-PSV-2017-1959" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18837.json b/2017/18xxx/CVE-2017-18837.json index dedef31b889..5b237598bb8 100644 --- a/2017/18xxx/CVE-2017-18837.json +++ b/2017/18xxx/CVE-2017-18837.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2017-18837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2017-18837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000049025/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1973", + "url": "https://kb.netgear.com/000049025/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1973" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5264.json b/2020/5xxx/CVE-2020-5264.json index adf32b10d32..0057bb56215 100644 --- a/2020/5xxx/CVE-2020-5264.json +++ b/2020/5xxx/CVE-2020-5264.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page.\nIt allows anyone to execute arbitrary action.\n\nThe problem is patched in the 1.7.6.5." + "value": "In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5." } ] }, diff --git a/2020/5xxx/CVE-2020-5265.json b/2020/5xxx/CVE-2020-5265.json index f38e373b305..1ec1c05c05c 100644 --- a/2020/5xxx/CVE-2020-5265.json +++ b/2020/5xxx/CVE-2020-5265.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page.\n\nThe problem is patched in 1.7.6.5." + "value": "In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5." } ] }, diff --git a/2020/5xxx/CVE-2020-5269.json b/2020/5xxx/CVE-2020-5269.json index 65e9cbfb275..0b18096f826 100644 --- a/2020/5xxx/CVE-2020-5269.json +++ b/2020/5xxx/CVE-2020-5269.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter.\n\nThe problem is fixed in 1.7.6.5" + "value": "In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5270.json b/2020/5xxx/CVE-2020-5270.json index d4b970c7bdd..8cc919723ad 100644 --- a/2020/5xxx/CVE-2020-5270.json +++ b/2020/5xxx/CVE-2020-5270.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter.\nThe impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable.\n\nThe problem is fixed in 1.7.6.5" + "value": "In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5271.json b/2020/5xxx/CVE-2020-5271.json index efb5652c4fb..d36fac16808 100644 --- a/2020/5xxx/CVE-2020-5271.json +++ b/2020/5xxx/CVE-2020-5271.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page\n\nThis problem is fixed in 1.7.6.5" + "value": "In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5272.json b/2020/5xxx/CVE-2020-5272.json index 90d4d416a4b..3bb159f1bdd 100644 --- a/2020/5xxx/CVE-2020-5272.json +++ b/2020/5xxx/CVE-2020-5272.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters.\n\nThe problem is patched in 1.7.6.5" + "value": "In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5276.json b/2020/5xxx/CVE-2020-5276.json index 03943440e40..301f863bf6b 100644 --- a/2020/5xxx/CVE-2020-5276.json +++ b/2020/5xxx/CVE-2020-5276.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter\n\nThe problem is fixed in 1.7.6.5" + "value": "In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5278.json b/2020/5xxx/CVE-2020-5278.json index 0f150d1effc..20c828dd92e 100644 --- a/2020/5xxx/CVE-2020-5278.json +++ b/2020/5xxx/CVE-2020-5278.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page\n\nThe problem is fixed in 1.7.6.5" + "value": "In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5279.json b/2020/5xxx/CVE-2020-5279.json index c7f7cda123d..da3349d773a 100644 --- a/2020/5xxx/CVE-2020-5279.json +++ b/2020/5xxx/CVE-2020-5279.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers.\n\n- admin-dev/index.php/configure/shop/customer-preferences/\n- admin-dev/index.php/improve/international/translations/\n- admin-dev/index.php/improve/international/geolocation/\n- admin-dev/index.php/improve/international/localization\n- admin-dev/index.php/configure/advanced/performance\n- admin-dev/index.php/sell/orders/delivery-slips/\n- admin-dev/index.php?controller=AdminStatuses\n\nThe problem is fixed in 1.7.6.5" + "value": "In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5285.json b/2020/5xxx/CVE-2020-5285.json index 95c72967390..0ef4cde11ed 100644 --- a/2020/5xxx/CVE-2020-5285.json +++ b/2020/5xxx/CVE-2020-5285.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter.\n\nThe problem is fixed in 1.7.6.5" + "value": "In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5" } ] }, diff --git a/2020/5xxx/CVE-2020-5293.json b/2020/5xxx/CVE-2020-5293.json index 8d64dfc764a..3f114364a2d 100644 --- a/2020/5xxx/CVE-2020-5293.json +++ b/2020/5xxx/CVE-2020-5293.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices.\n\nThe problem is fixed in 1.7.6.5." + "value": "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5." } ] },