diff --git a/2020/11xxx/CVE-2020-11552.json b/2020/11xxx/CVE-2020-11552.json
index 954e1c5df30..3c0ec249099 100644
--- a/2020/11xxx/CVE-2020-11552.json
+++ b/2020/11xxx/CVE-2020-11552.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11552",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11552",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \\windows\\system32, cmd.exe can be launched as a SYSTEM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Aug/4",
+ "url": "http://seclists.org/fulldisclosure/2020/Aug/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support",
+ "url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/48739",
+ "url": "https://www.exploit-db.com/exploits/48739"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11984.json b/2020/11xxx/CVE-2020-11984.json
index 104f29d17d1..4681ca26768 100644
--- a/2020/11xxx/CVE-2020-11984.json
+++ b/2020/11xxx/CVE-2020-11984.json
@@ -83,6 +83,11 @@
 "refsource": "MLIST",
 "name": "[httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?",
 "url": "https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?",
+ "url": "https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E"
 }
 ]
 },
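Review bot: In CVE-2020-11552.json the new `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a` even though the description names ManageEngine ADSelfService Plus and a fixed build (6003), so scanners and inventories that match on the structured fields will not tie this record to the product. I would populate them from the description, e.g. `"product_name": "ADSelfService Plus"` and `"version_value": "before build 6003"`, with the vendor name confirmed against the vendor's own advisory. The same `n/a` placeholders appear in the new records for CVE-2020-13124, CVE-2020-15597, CVE-2020-16092, CVE-2020-17367 and CVE-2020-17368. Separately, the description states that physical access to the host is required while the Packet Storm reference is titled "Remote Code Execution"; the precondition in the description is the one defenders should triage on, and it is worth keeping that sentence prominent.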
diff --git a/2020/11xxx/CVE-2020-11993.json b/2020/11xxx/CVE-2020-11993.json
index f1b78a52dbf..4e20f4bc736 100644
--- a/2020/11xxx/CVE-2020-11993.json
+++ b/2020/11xxx/CVE-2020-11993.json
@@ -63,6 +63,11 @@
 "refsource": "MLIST",
 "name": "[httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?",
 "url": "https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?",
+ "url": "https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E"
 }
 ]
 },
diff --git a/2020/13xxx/CVE-2020-13124.json b/2020/13xxx/CVE-2020-13124.json
index e1fb938c6ff..9dac692f4b6 100644
--- a/2020/13xxx/CVE-2020-13124.json
+++ b/2020/13xxx/CVE-2020-13124.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13124",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13124",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sabnzbd.org/downloads",
+ "refsource": "MISC",
+ "name": "https://sabnzbd.org/downloads"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sabnzbd/sabnzbd/commits/develop",
+ "url": "https://github.com/sabnzbd/sabnzbd/commits/develop"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2",
+ "url": "https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15597.json b/2020/15xxx/CVE-2020-15597.json
index a632fad84b9..2091d33e781 100644
--- a/2020/15xxx/CVE-2020-15597.json
+++ b/2020/15xxx/CVE-2020-15597.json
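Review bot: In CVE-2020-13124.json the reference `https://github.com/sabnzbd/sabnzbd/commits/develop` points at a moving branch history, so it will stop leading a reader to the fix as soon as further commits land on that branch. Pin it to the fixing commit (`https://github.com/sabnzbd/sabnzbd/commit/<fix-commit-sha>`, placeholder) or drop it in favour of the GHSA-9x87-96gg-33w2 advisory that is already listed as CONFIRM. The description also names only the affected versions 2.3.9 and 3.0.0Alpha2; stating the first fixed release would let operators decide whether they need to upgrade.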
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15597",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15597",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.soplanning.org",
+ "refsource": "MISC",
+ "name": "https://www.soplanning.org"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.sevenlayers.com/index.php/364-soplanning-v1-46-01-xss-session-hijack",
+ "url": "https://www.sevenlayers.com/index.php/364-soplanning-v1-46-01-xss-session-hijack"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15702.json b/2020/15xxx/CVE-2020-15702.json
index 95ae011e29a..4fc1a4560ed 100644
--- a/2020/15xxx/CVE-2020-15702.json
+++ b/2020/15xxx/CVE-2020-15702.json
@@ -106,6 +106,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4449-1",
 "url": "https://usn.ubuntu.com/4449-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/"
 }
 ]
 },
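Review bot: In CVE-2020-15597.json `problemtype` is published as `"value": "n/a"` although the description states persistent XSS outright; `"value": "CWE-79"` would let consumers filter and prioritise by weakness class. The new records for CVE-2020-11552, CVE-2020-13124, CVE-2020-16092, CVE-2020-17367 and CVE-2020-17368 carry the same `n/a` problem type next to descriptions that name the weakness in prose. The description also gives a single version (1.46.01) with no fixed release, so the record does not say whether earlier or later versions are affected.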
diff --git a/2020/16xxx/CVE-2020-16092.json b/2020/16xxx/CVE-2020-16092.json
index ebd389b7837..3ccab0086d0 100644
--- a/2020/16xxx/CVE-2020-16092.json
+++ b/2020/16xxx/CVE-2020-16092.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-16092",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-16092",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html",
+ "refsource": "MISC",
+ "name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2020/08/10/1",
+ "url": "http://www.openwall.com/lists/oss-security/2020/08/10/1"
 }
 ]
 }
diff --git a/2020/16xxx/CVE-2020-16166.json b/2020/16xxx/CVE-2020-16166.json
index a93394d5f6e..07b33c55126 100644
--- a/2020/16xxx/CVE-2020-16166.json
+++ b/2020/16xxx/CVE-2020-16166.json
@@ -66,6 +66,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1153",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-8d634e31c0",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/"
 }
 ]
 }
diff --git a/2020/17xxx/CVE-2020-17367.json b/2020/17xxx/CVE-2020-17367.json
index 21839503974..d008f49d8d6 100644
--- a/2020/17xxx/CVE-2020-17367.json
+++ b/2020/17xxx/CVE-2020-17367.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17367",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17367",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/netblue30/firejail",
+ "refsource": "MISC",
+ "name": "https://github.com/netblue30/firejail"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.debian.org/security/2020/dsa-4742",
+ "url": "https://www.debian.org/security/2020/dsa-4742"
 }
 ]
 }
diff --git a/2020/17xxx/CVE-2020-17368.json b/2020/17xxx/CVE-2020-17368.json
index b42073bca12..b79298d7f9f 100644
--- a/2020/17xxx/CVE-2020-17368.json
+++ b/2020/17xxx/CVE-2020-17368.json
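Review bot: In CVE-2020-17367.json the Debian advisory is recorded as `"refsource": "MISC"` with the URL as its name, while the sibling record CVE-2020-17368.json in this same commit tags the identical URL as `"refsource": "DEBIAN"`, `"name": "DSA-4742"`. Tooling that groups references by source will therefore see the distribution advisory on only one of the two Firejail records; use the `DEBIAN` / `DSA-4742` form in both. The upstream reference also differs only by a trailing slash between the two records (`https://github.com/netblue30/firejail` and `https://github.com/netblue30/firejail/`) and could be normalised to one spelling.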
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17368",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17368",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/netblue30/firejail/",
+ "refsource": "MISC",
+ "name": "https://github.com/netblue30/firejail/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4742",
+ "url": "https://www.debian.org/security/2020/dsa-4742"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9490.json b/2020/9xxx/CVE-2020-9490.json
index a84c6bd675f..fd5b7c76dd7 100644
--- a/2020/9xxx/CVE-2020-9490.json
+++ b/2020/9xxx/CVE-2020-9490.json
@@ -63,6 +63,11 @@
 "refsource": "MLIST",
 "name": "[httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?",
 "url": "https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?",
+ "url": "https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E"
 }
 ]
 },