From 0fd931417ef0133072730451c32828db3a15afbc Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 31 Aug 2020 17:01:26 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/13xxx/CVE-2017-13772.json | 5 +++
 2020/11xxx/CVE-2020-11984.json | 5 +++
 2020/20xxx/CVE-2020-20628.json | 56 ++++++++++++++++++++++++++++++----
 2020/7xxx/CVE-2020-7521.json | 50 ++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7522.json | 50 ++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7523.json | 50 ++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7524.json | 50 ++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7525.json | 50 ++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7526.json | 50 ++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7527.json | 50 ++++++++++++++++++++++++++++--
 10 files changed, 389 insertions(+), 27 deletions(-)
diff --git a/2017/13xxx/CVE-2017-13772.json b/2017/13xxx/CVE-2017-13772.json
index 8bac41159b0..2f84392bc32 100644
--- a/2017/13xxx/CVE-2017-13772.json
+++ b/2017/13xxx/CVE-2017-13772.json
@@ -61,6 +61,11 @@
 "name": "43022",
 "refsource": "EXPLOIT-DB",
 "url": "https://www.exploit-db.com/exploits/43022/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/158999/TP-Link-WDR4300-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/158999/TP-Link-WDR4300-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11984.json b/2020/11xxx/CVE-2020-11984.json
index 6e41bc33db1..aaae80e6059 100644
--- a/2020/11xxx/CVE-2020-11984.json
+++ b/2020/11xxx/CVE-2020-11984.json
@@ -113,6 +113,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1293",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html",
+ "url": "http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html"
 }
 ]
 },
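Review bot: The reference added to `reference_data` in CVE-2017-13772.json points at Packet Storm over plain `http://`, and the reference added in the CVE-2020-11984.json hunk does the same. Tooling that follows reference URLs automatically would fetch third-party write-ups over an unauthenticated channel, so the `https://` form of the same URL is the safer value if the site serves it. Both entries also repeat the URL as `name`, which gives consumers no human-readable label; a short title taken from the linked page would read better. The enclosing `references` object starts outside both hunks.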
diff --git a/2020/20xxx/CVE-2020-20628.json b/2020/20xxx/CVE-2020-20628.json
index 6ee5ecd8cbf..cfd3098aa18 100644
--- a/2020/20xxx/CVE-2020-20628.json
+++ b/2020/20xxx/CVE-2020-20628.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-20628",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-20628",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/",
+ "url": "https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7521.json b/2020/7xxx/CVE-2020-7521.json
index 1c164dd85ce..483e9897912 100644
--- a/2020/7xxx/CVE-2020-7521.json
+++ b/2020/7xxx/CVE-2020-7521.json
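Review bot: The published CVE-2020-20628 record leaves every machine-readable field at `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), while the description names the WP GDPR plugin through 2.1.1 and stored XSS. Consumers that match on product or CWE rather than free text will miss this entry. The description already supports `"product_name": "WP GDPR"`, `"version_value": "through 2.1.1"` and `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`; the vendor name would need confirming from the reference. The reference URL describes the issue as unpatched and also mentions content spoofing, so the description could state whether a fixed version exists.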
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7521",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-04/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-04/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7522.json b/2020/7xxx/CVE-2020-7522.json
index ee7017cd3a9..e92a5d46278 100644
--- a/2020/7xxx/CVE-2020-7522.json
+++ b/2020/7xxx/CVE-2020-7522.json
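Review bot: `vendor_name` is `n/a` in the new `affects` block of CVE-2020-7521 even though the assigner is `cybersecurity@schneider-electric.com`, and `product_name` and `version_value` carry the same free-text string with the version range embedded in it. The same pattern recurs in the CVE-2020-7522 through CVE-2020-7527 hunks. Vulnerability scanners and asset inventories that key on vendor, product and version cannot match these records without parsing prose. Splitting the fields, for example `"vendor_name": "Schneider Electric"`, `"product_name": "APC Easy UPS On-Line Software (SFAPV9601)"` and `"version_value": "V2.0 and earlier"`, keeps the record usable for automated matching; confirm the vendor string against SEVD-2020-224-04.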
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7522",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-04/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-04/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7523.json b/2020/7xxx/CVE-2020-7523.json
index a8e98dd33c0..55b11f0c543 100644
--- a/2020/7xxx/CVE-2020-7523.json
+++ b/2020/7xxx/CVE-2020-7523.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7523",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30, Schneider Electric Modbus Serial Driver (32 bits) versions prior to V2.20 IE 30, and Schneider Electric Modbus Driver Suite versions prior to V14.15.0.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30, Schneider Electric Modbus Serial Driver (32 bits) versions prior to V2.20 IE 30, and Schneider Electric Modbus Driver Suite versions prior to V14.15.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-01/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-01/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor."
 }
 ]
 }
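Review bot: `product_name` and `version_value` in CVE-2020-7523 disagree on the fixed Modbus Driver Suite release: the first ends in "prior to V14.15.0.0" and the second in "prior to V14.15.0.1". A defender checking whether V14.15.0.0 is affected gets a different answer depending on which field is read. The description defers to the security notification for versions, so the value should be taken from SEVD-2020-224-01 and made identical in both fields. The string also packs three separately versioned products into one `product_data` entry, where one entry per product would let each range be matched on its own.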
diff --git a/2020/7xxx/CVE-2020-7524.json b/2020/7xxx/CVE-2020-7524.json
index 0208a472d63..7648ea0feeb 100644
--- a/2020/7xxx/CVE-2020-7524.json
+++ b/2020/7xxx/CVE-2020-7524.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7524",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Modicon M218 Logic Controller V5.0.0.7 and prior",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Modicon M218 Logic Controller V5.0.0.7 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787:Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-03/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-03/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7525.json b/2020/7xxx/CVE-2020-7525.json
index 81477f3e568..66e99d35eb0 100644
--- a/2020/7xxx/CVE-2020-7525.json
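Review bot: The `problemtype` value `"CWE-787:Out-of-bounds Write"` in CVE-2020-7524 has no space after the colon, unlike the other records in this commit (for example `"CWE-269: Improper Privilege Management"`). Consumers that split on `": "` or compare the whole string will not extract the CWE id consistently; `"value": "CWE-787: Out-of-bounds Write"` matches the rest. The description also states the impact twice and mixes `IPV4` with `IPv4`; one sentence giving the trigger (a crafted IPv4 packet) and the effect (denial of service until the device is power-cycled) would be clearer.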
+++ b/2020/7xxx/CVE-2020-7525.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7525",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-02/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-02/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7526.json b/2020/7xxx/CVE-2020-7526.json
index e68027f9faf..8d31d10d4b8 100644
--- a/2020/7xxx/CVE-2020-7526.json
+++ b/2020/7xxx/CVE-2020-7526.json
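Review bot: `product_name` in CVE-2020-7525 ends with a trailing space inside the string (`"...(formerly homeLYnk) "`) while `version_value` holds the same text without it; the CVE-2020-7526 hunk has the same defect in `"PowerChute Business Edition software V9.0.x and earlier "`. Exact-match lookups and de-duplication on product name treat the two spellings as different products. Trim the value before publishing, e.g. `"product_name": "All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk)"`.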
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7526",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PowerChute Business Edition software V9.0.x and earlier ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PowerChute Business Edition software V9.0.x and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-05/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7527.json b/2020/7xxx/CVE-2020-7527.json
index cc55ddb84f6..bfa47c26b9c 100644
--- a/2020/7xxx/CVE-2020-7527.json
+++ b/2020/7xxx/CVE-2020-7527.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7527",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SoMove V2.8.1 and prior",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SoMove V2.8.1 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-276: Incorrect Default Permission"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-224-07/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-224-07/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched."
 }
 ]
 }
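Review bot: The `problemtype` value in CVE-2020-7527 reads `"CWE-276: Incorrect Default Permission"`, but the CWE entry is titled "Incorrect Default Permissions", so a lookup by name will not resolve; use `"value": "CWE-276: Incorrect Default Permissions"`. In the description, "SoMove (V2.8.1) and prior" puts the parenthesis in the wrong place relative to the product string `SoMove V2.8.1 and prior` and can be read as affecting only V2.8.1. Writing "SoMove (V2.8.1 and prior)" matches the phrasing of the other Schneider Electric records in this commit.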