diff --git a/2020/15xxx/CVE-2020-15778.json b/2020/15xxx/CVE-2020-15778.json
index 2d827679e4e..c3e96321b7c 100644
--- a/2020/15xxx/CVE-2020-15778.json
+++ b/2020/15xxx/CVE-2020-15778.json
@@ -34,7 +34,7 @@
  "description_data": [
  {
  "lang": "eng",
- "value": "scp in OpenSSH through 8.3p1 allows command injection in scp.c remote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
+ "value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
  }
  ]
  },
@@ -66,6 +66,11 @@
  "refsource": "CONFIRM",
  "name": "https://security.netapp.com/advisory/ntap-20200731-0007/",
  "url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://news.ycombinator.com/item?id=25005567",
+ "url": "https://news.ycombinator.com/item?id=25005567"
  }
  ]
  }
diff --git a/2020/25xxx/CVE-2020-25170.json b/2020/25xxx/CVE-2020-25170.json
index f99a31552cd..4a53a9c41b4 100644
--- a/2020/25xxx/CVE-2020-25170.json
+++ b/2020/25xxx/CVE-2020-25170.json
@@ -1,18 +1,73 @@
  {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
  "ID": "CVE-2020-25170",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "B. Braun OnlineSuite"
  },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OnlineSuite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "AP",
+ "version_value": "3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "B. Braun Melsungen AG"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export."
  }
  ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSMA-20-296-01",
+ "discovery": "UNKNOWN"
  }
  }
\ No newline at end of file
diff --git a/2020/25xxx/CVE-2020-25172.json b/2020/25xxx/CVE-2020-25172.json
index 134c491c086..37a6058471c 100644
--- a/2020/25xxx/CVE-2020-25172.json
+++ b/2020/25xxx/CVE-2020-25172.json
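Review bot: In CVE-2020-25170.json the added description names the flaw "Excel Macro Injection" while the added `problemtype` value is CWE-1236, which is about formula elements written into an exported file; macros and formulas are governed by different client-side controls, so the mismatch can point triage at the wrong setting. The description also leaves out who can supply the input and what the result is, which the sibling records in this patch do state (CVE-2020-25172 "unauthenticated attackers", CVE-2020-25174 "local attackers"). I would align the wording with the CWE, for example `"value": "A formula injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are not neutralized in an Excel export."`, and add the required privilege and the impact once they are confirmed against ICSMA-20-296-01.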
@@ -1,18 +1,73 @@
  {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
  "ID": "CVE-2020-25172",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "B. Braun OnlineSuite"
  },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OnlineSuite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "AP",
+ "version_value": "3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "B. Braun Melsungen AG"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files."
  }
  ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "RELATIVE PATH TRAVERSAL CWE-23"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSMA-20-296-01",
+ "discovery": "UNKNOWN"
  }
  }
\ No newline at end of file
diff --git a/2020/25xxx/CVE-2020-25174.json b/2020/25xxx/CVE-2020-25174.json
index bc95ed7039f..32a3dbfa6d3 100644
--- a/2020/25xxx/CVE-2020-25174.json
+++ b/2020/25xxx/CVE-2020-25174.json
@@ -1,18 +1,73 @@
  {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
  "ID": "CVE-2020-25174",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "B. Braun OnlineSuite"
  },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OnlineSuite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "AP",
+ "version_value": "3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "B. Braun Melsungen AG"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user."
  }
  ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSMA-20-296-01",
+ "discovery": "UNKNOWN"
  }
  }
\ No newline at end of file
diff --git a/2020/26xxx/CVE-2020-26213.json b/2020/26xxx/CVE-2020-26213.json
index 5ab7573b25f..20029afa2dd 100644
--- a/2020/26xxx/CVE-2020-26213.json
+++ b/2020/26xxx/CVE-2020-26213.json
@@ -35,7 +35,7 @@
  "description_data": [
  {
  "lang": "eng",
- "value": "In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills.\nThe issue is patched in teler 0.0.1 and 0.0.1-dev5.1."
+ "value": "In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1."
  }
  ]
  },
diff --git a/2020/5xxx/CVE-2020-5794.json b/2020/5xxx/CVE-2020-5794.json
index 80b3fd4ca56..18c7c979b4a 100644
--- a/2020/5xxx/CVE-2020-5794.json
+++ b/2020/5xxx/CVE-2020-5794.json
@@ -4,14 +4,58 @@
  "data_version": "4.0",
  "CVE_data_meta": {
  "ID": "CVE-2020-5794",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nessus Network Monitor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "NNM 5.11.0, 5.11.1, 5.12.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Local Privilege Escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2020-09",
+ "url": "https://www.tenable.com/security/tns-2020-09"
+ }
+ ]
  },
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability."
  }
  ]
  }
diff --git a/2020/8xxx/CVE-2020-8577.json b/2020/8xxx/CVE-2020-8577.json
index f9e993fe614..95f95c67647 100644
--- a/2020/8xxx/CVE-2020-8577.json
+++ b/2020/8xxx/CVE-2020-8577.json
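Review bot: In CVE-2020-5794.json the added `affects` block sets `"vendor_name": "n/a"` although the assigner is vulnreport@tenable.com and the product is Nessus Network Monitor, and it packs three releases into one string, `"version_value": "NNM 5.11.0, 5.11.1, 5.12.0"`; tooling that matches an asset inventory on vendor, product and version will likely miss this record. I would set `"vendor_name": "Tenable"` and give each release its own `version_data` entry, e.g. `{ "version_value": "5.11.0" }`, without the "NNM" prefix. The same `"vendor_name": "n/a"` placeholder is added in the CVE-2020-8577.json hunk, where the assigner is security-alert@netapp.com. The record's opening lines are outside this hunk.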
@@ -4,14 +4,58 @@
  "data_version": "4.0",
  "CVE_data_meta": {
  "ID": "CVE-2020-8577",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@netapp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "E-Series SANtricity OS Controller Software",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.50.1 and higher"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Sensitive Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20201105-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20201105-0001/"
+ }
+ ]
  },
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session."
  }
  ]
  }
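Review bot: In CVE-2020-8577.json the added `"version_value": "11.50.1 and higher"` is an open-ended free-text range with no fixed release, so a reader cannot tell from the record whether any SANtricity OS build is remediated, and a version matcher cannot parse it. I would express the lower bound with the field the schema already has, `"version_affected": ">=", "version_value": "11.50.1"`, and add the fixed version or mitigation from the ntap-20201105-0001 advisory when one is available. The description's "intercepting its transmission within an https session" does not say what makes the interception possible; a short clause naming the weakness would help defenders decide which control to check. The record's opening lines are outside this hunk.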