diff --git a/2019/1010xxx/CVE-2019-1010180.json b/2019/1010xxx/CVE-2019-1010180.json index 83762c5093b..3c74398dd0b 100644 --- a/2019/1010xxx/CVE-2019-1010180.json +++ b/2019/1010xxx/CVE-2019-1010180.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2494", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-31", + "url": "https://security.gentoo.org/glsa/202003-31" } ] } diff --git a/2019/13xxx/CVE-2019-13627.json b/2019/13xxx/CVE-2019-13627.json index 01f85e5c732..4a75a9d13c9 100644 --- a/2019/13xxx/CVE-2019-13627.json +++ b/2019/13xxx/CVE-2019-13627.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4236-3", "url": "https://usn.ubuntu.com/4236-3/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-32", + "url": "https://security.gentoo.org/glsa/202003-32" } ] } diff --git a/2020/10xxx/CVE-2020-10588.json b/2020/10xxx/CVE-2020-10588.json index 88cb699b536..744d0b8bb76 100644 --- a/2020/10xxx/CVE-2020-10588.json +++ b/2020/10xxx/CVE-2020-10588.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10588", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10588", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp1-sh", + "refsource": "MISC", + "name": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp1-sh" } ] } diff --git a/2020/10xxx/CVE-2020-10589.json b/2020/10xxx/CVE-2020-10589.json index 0a06712c0a7..81887c7a453 100644 --- a/2020/10xxx/CVE-2020-10589.json +++ b/2020/10xxx/CVE-2020-10589.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10589", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10589", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp2-sh", + "refsource": "MISC", + "name": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp2-sh" } ] } diff --git a/2020/10xxx/CVE-2020-10590.json b/2020/10xxx/CVE-2020-10590.json new file mode 100644 index 00000000000..2b855aa2793 --- /dev/null +++ b/2020/10xxx/CVE-2020-10590.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10590", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10591.json b/2020/10xxx/CVE-2020-10591.json new file mode 100644 index 00000000000..086e7af2abd --- /dev/null +++ b/2020/10xxx/CVE-2020-10591.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/walmartlabs/concord/issues/22", + "refsource": "MISC", + "name": "https://github.com/walmartlabs/concord/issues/22" + }, + { + "url": "https://github.com/walmartlabs/concord/compare/1.43.0...1.44.0", + "refsource": "MISC", + "name": "https://github.com/walmartlabs/concord/compare/1.43.0...1.44.0" + } + ] + } +} \ No newline at end of file