diff --git a/2019/15xxx/CVE-2019-15601.json b/2019/15xxx/CVE-2019-15601.json
index a01f2601084..c950fdbf956 100644
--- a/2019/15xxx/CVE-2019-15601.json
+++ b/2019/15xxx/CVE-2019-15601.json
@@ -63,6 +63,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200416-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
 }
 ]
 },
diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json
index eb867b6d53f..669594d8255 100644
--- a/2019/1xxx/CVE-2019-1547.json
+++ b/2019/1xxx/CVE-2019-1547.json
@@ -38,7 +38,7 @@
 "credit": [
 {
 "lang": "eng",
- "value": "Cesar Pereida Garc\ufffda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley"
+ "value": "Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley"
 }
 ],
 "data_format": "MITRE",
@@ -207,6 +207,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200416-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5482.json b/2019/5xxx/CVE-2019-5482.json
index e7993ebead6..c7e8fdc2197 100644
--- a/2019/5xxx/CVE-2019-5482.json
+++ b/2019/5xxx/CVE-2019-5482.json
@@ -103,6 +103,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20200416-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11818.json b/2020/11xxx/CVE-2020-11818.json
index ec9c41a6410..abd794742e6 100644
--- a/2020/11xxx/CVE-2020-11818.json
+++ b/2020/11xxx/CVE-2020-11818.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11818",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11818",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-csrf-bypass-privilege.html",
+ "refsource": "MISC",
+ "name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-csrf-bypass-privilege.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11819.json b/2020/11xxx/CVE-2020-11819.json
index 76714b8d2cb..a679f446ec6 100644
--- a/2020/11xxx/CVE-2020-11819.json
+++ b/2020/11xxx/CVE-2020-11819.json
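Review bot: The `affects` and `problemtype` blocks in CVE-2020-11818.json are published as `n/a` even though the description names the product and version, so tooling that matches on the structured fields cannot tie this record to Rukovoditel 2.5.2. I would set `"product_name": "Rukovoditel"` and `"version_value": "2.5.2"` (with the real vendor in `vendor_name`) and give the problemtype `value` as `CWE-352`. The same gap is in the CVE-2020-11819.json and CVE-2020-11820.json hunks of this commit, where `CWE-89` fits the SQL injection record and a file-inclusion class such as `CWE-98` looks right for 11819 but should be confirmed against the referenced write-up. The first sentence of this description is also ungrammatical; `"Rukovoditel 2.5.2 uses a form_session_token value to prevent CSRF attacks."` reads correctly without changing the claim.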
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11819",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11819",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce-via.html",
+ "refsource": "MISC",
+ "name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce-via.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11820.json b/2020/11xxx/CVE-2020-11820.json
index ddd143dd244..5e9f0dd94e2 100644
--- a/2020/11xxx/CVE-2020-11820.json
+++ b/2020/11xxx/CVE-2020-11820.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11820",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11820",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-entitiesid.html",
+ "refsource": "MISC",
+ "name": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-sql-injection-entitiesid.html"
 }
 ]
 }