From 10ba3ea84cc4ba80db3206ffbf46e98cd1d84ea8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 21 Aug 2020 15:01:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/20xxx/CVE-2020-20634.json | 56 +++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24051.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24052.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24053.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24054.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24055.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24056.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24057.json | 61 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7923.json | 5 +-- 9 files changed, 438 insertions(+), 50 deletions(-) diff --git a/2020/20xxx/CVE-2020-20634.json b/2020/20xxx/CVE-2020-20634.json index 72a138e4900..342dee05215 100644 --- a/2020/20xxx/CVE-2020-20634.json +++ b/2020/20xxx/CVE-2020-20634.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20634", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20634", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability/", + "refsource": "MISC", + "name": "https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability/" } ] } diff --git a/2020/24xxx/CVE-2020-24051.json b/2020/24xxx/CVE-2020-24051.json index fb82a6141ca..364b560817d 100644 --- a/2020/24xxx/CVE-2020-24051.json +++ b/2020/24xxx/CVE-2020-24051.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24051", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24051", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/" + }, + { + "url": "https://ioac.tv/3hy1xu6", + "refsource": "MISC", + "name": "https://ioac.tv/3hy1xu6" } ] } diff --git a/2020/24xxx/CVE-2020-24052.json b/2020/24xxx/CVE-2020-24052.json index 923adb29f9d..edbf6738444 100644 --- a/2020/24xxx/CVE-2020-24052.json +++ b/2020/24xxx/CVE-2020-24052.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24052", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24052", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/" + }, + { + "url": "https://ioac.tv/3hy1xu6", + "refsource": "MISC", + "name": "https://ioac.tv/3hy1xu6" } ] } diff --git a/2020/24xxx/CVE-2020-24053.json b/2020/24xxx/CVE-2020-24053.json index 15284cbe3f5..d9bbfd78b83 100644 --- a/2020/24xxx/CVE-2020-24053.json +++ b/2020/24xxx/CVE-2020-24053.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24053", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24053", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/" + }, + { + "url": "https://ioac.tv/3hy1xu6", + "refsource": "MISC", + "name": "https://ioac.tv/3hy1xu6" } ] } diff --git a/2020/24xxx/CVE-2020-24054.json b/2020/24xxx/CVE-2020-24054.json index 7bf96824b49..12e9d721f08 100644 --- a/2020/24xxx/CVE-2020-24054.json +++ b/2020/24xxx/CVE-2020-24054.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24054", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24054", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/" + }, + { + "url": "https://ioac.tv/3hy1xu6", + "refsource": "MISC", + "name": "https://ioac.tv/3hy1xu6" } ] } diff --git a/2020/24xxx/CVE-2020-24055.json b/2020/24xxx/CVE-2020-24055.json index c120e284086..f5fc9c5601e 100644 --- a/2020/24xxx/CVE-2020-24055.json +++ b/2020/24xxx/CVE-2020-24055.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/" + }, + { + "url": "https://ioac.tv/2Nbc40h", + "refsource": "MISC", + "name": "https://ioac.tv/2Nbc40h" } ] } diff --git a/2020/24xxx/CVE-2020-24056.json b/2020/24xxx/CVE-2020-24056.json index d0f10a260ff..e621ae651f8 100644 --- a/2020/24xxx/CVE-2020-24056.json +++ b/2020/24xxx/CVE-2020-24056.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24056", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24056", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/" + }, + { + "url": "https://ioac.tv/2Nbc40h", + "refsource": "MISC", + "name": "https://ioac.tv/2Nbc40h" } ] } diff --git a/2020/24xxx/CVE-2020-24057.json b/2020/24xxx/CVE-2020-24057.json index 1efb372592c..ba1cb6d91b9 100644 --- a/2020/24xxx/CVE-2020-24057.json +++ b/2020/24xxx/CVE-2020-24057.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24057", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24057", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/" + }, + { + "url": "https://ioac.tv/2Nbc40h", + "refsource": "MISC", + "name": "https://ioac.tv/2Nbc40h" } ] } diff --git a/2020/7xxx/CVE-2020-7923.json b/2020/7xxx/CVE-2020-7923.json index efd2e77eb79..7c037afeec7 100644 --- a/2020/7xxx/CVE-2020-7923.json +++ b/2020/7xxx/CVE-2020-7923.json @@ -91,8 +91,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://jira.mongodb.org/browse/SERVER-47773" + "refsource": "MISC", + "url": "https://jira.mongodb.org/browse/SERVER-47773", + "name": "https://jira.mongodb.org/browse/SERVER-47773" } ] },