diff --git a/2011/2xxx/CVE-2011-2714.json b/2011/2xxx/CVE-2011-2714.json index 9bfd0ae8c68..28d23494daf 100644 --- a/2011/2xxx/CVE-2011-2714.json +++ b/2011/2xxx/CVE-2011-2714.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2714", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Data-module", + "version": { + "version_data": [ + { + "version_value": "6.x-1.0-alpha14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/26/8" + }, + { + "refsource": "MISC", + "name": "https://www.drupal.org/node/1056470", + "url": "https://www.drupal.org/node/1056470" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2011/Feb/219", + "url": "https://seclists.org/fulldisclosure/2011/Feb/219" } ] } diff --git a/2011/2xxx/CVE-2011-2715.json b/2011/2xxx/CVE-2011-2715.json index ed84903c11f..d6cbd6a936b 100644 --- a/2011/2xxx/CVE-2011-2715.json +++ b/2011/2xxx/CVE-2011-2715.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2715", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Data-module", + "version": { + "version_data": [ + { + "version_value": "6.x-1.0-alpha14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/26/8" + }, + { + "refsource": "MISC", + "name": "https://www.drupal.org/node/1056470", + "url": "https://www.drupal.org/node/1056470" } ] } diff --git a/2019/12xxx/CVE-2019-12922.json b/2019/12xxx/CVE-2019-12922.json index dc4af5e8fed..b328978bb08 100644 --- a/2019/12xxx/CVE-2019-12922.json +++ b/2019/12xxx/CVE-2019-12922.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b", "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 686a724e4d2..c5aaa1b80fe 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 688ff72b82e..7a4a1fce863 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 50661cb56cf..6152132b3fd 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 639ab402b37..3a723d9004f 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" } ] }, diff --git a/2019/18xxx/CVE-2019-18622.json b/2019/18xxx/CVE-2019-18622.json index 03244635dc8..6568d5bef65 100644 --- a/2019/18xxx/CVE-2019-18622.json +++ b/2019/18xxx/CVE-2019-18622.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2599", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } diff --git a/2019/19xxx/CVE-2019-19724.json b/2019/19xxx/CVE-2019-19724.json index bd34cf4c3bf..d0ebdb1e9a0 100644 --- a/2019/19xxx/CVE-2019-19724.json +++ b/2019/19xxx/CVE-2019-19724.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://github.com/sylabs/singularity/releases/tag/v3.5.2", "url": "https://github.com/sylabs/singularity/releases/tag/v3.5.2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0057", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html" } ] } diff --git a/2020/5xxx/CVE-2020-5504.json b/2020/5xxx/CVE-2020-5504.json index 57b69576323..904c4467cfa 100644 --- a/2020/5xxx/CVE-2020-5504.json +++ b/2020/5xxx/CVE-2020-5504.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://www.phpmyadmin.net/security/PMASA-2020-1/", "url": "https://www.phpmyadmin.net/security/PMASA-2020-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } diff --git a/2020/7xxx/CVE-2020-7056.json b/2020/7xxx/CVE-2020-7056.json new file mode 100644 index 00000000000..203919e9982 --- /dev/null +++ b/2020/7xxx/CVE-2020-7056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7057.json b/2020/7xxx/CVE-2020-7057.json new file mode 100644 index 00000000000..95bad64a02a --- /dev/null +++ b/2020/7xxx/CVE-2020-7057.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://34.205.168.58/2020/01/13/hikvision-dvr-ds-7204hghi-user-enumeration/", + "refsource": "MISC", + "name": "http://34.205.168.58/2020/01/13/hikvision-dvr-ds-7204hghi-user-enumeration/" + } + ] + } +} \ No newline at end of file