From 1495451f8745d92fed479b4768f40b97ea77b53f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jan 2020 18:01:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2012/6xxx/CVE-2012-6083.json | 55 +++++++++++++++++++++-- 2018/18xxx/CVE-2018-18035.json | 5 +++ 2019/14xxx/CVE-2019-14895.json | 5 +++ 2019/14xxx/CVE-2019-14896.json | 5 +++ 2019/14xxx/CVE-2019-14897.json | 5 +++ 2019/14xxx/CVE-2019-14901.json | 5 +++ 2019/15xxx/CVE-2019-15707.json | 62 +++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15712.json | 62 +++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16231.json | 5 +++ 2019/16xxx/CVE-2019-16512.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16513.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16514.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16515.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16516.json | 82 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16517.json | 82 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18660.json | 5 +++ 2019/18xxx/CVE-2019-18813.json | 5 +++ 2019/19xxx/CVE-2019-19045.json | 5 +++ 2019/19xxx/CVE-2019-19051.json | 5 +++ 2019/19xxx/CVE-2019-19052.json | 5 +++ 2019/19xxx/CVE-2019-19055.json | 5 +++ 2019/19xxx/CVE-2019-19072.json | 5 +++ 2019/19xxx/CVE-2019-19524.json | 5 +++ 2019/19xxx/CVE-2019-19529.json | 5 +++ 2019/19xxx/CVE-2019-19534.json | 5 +++ 2020/7xxx/CVE-2020-7210.json | 5 +++ 2020/7xxx/CVE-2020-7220.json | 61 ++++++++++++++++++++++--- 2020/7xxx/CVE-2020-7246.json | 5 +++ 28 files changed, 813 insertions(+), 9 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15707.json create mode 100644 2019/15xxx/CVE-2019-15712.json create mode 100644 2019/16xxx/CVE-2019-16512.json create mode 100644 2019/16xxx/CVE-2019-16513.json create mode 100644 2019/16xxx/CVE-2019-16514.json create mode 100644 2019/16xxx/CVE-2019-16515.json create mode 100644 2019/16xxx/CVE-2019-16516.json create mode 100644 2019/16xxx/CVE-2019-16517.json 
diff --git a/2012/6xxx/CVE-2012-6083.json b/2012/6xxx/CVE-2012-6083.json
index c439ad4d3a4..ccd55b06396 100644
--- a/2012/6xxx/CVE-2012-6083.json
+++ b/2012/6xxx/CVE-2012-6083.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-6083",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "freeciv",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "freeciv",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 2.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2012/12/31/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2012/12/31/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://freeciv.fandom.com/wiki/NEWS-2.3.3",
+ "url": "https://freeciv.fandom.com/wiki/NEWS-2.3.3"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18035.json b/2018/18xxx/CVE-2018-18035.json
index 8e1cab83c28..4052285d306 100644
--- a/2018/18xxx/CVE-2018-18035.json
+++ b/2018/18xxx/CVE-2018-18035.json
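Review bot: The first reference added to CVE-2012-6083, `http://www.openwall.com/lists/oss-security/2012/12/31/2`, is recorded over plain HTTP, and the packetstormsecurity.com references added to CVE-2020-7210 and CVE-2020-7246 later in this patch are as well. Records like these are commonly fetched or rendered automatically by downstream feeds, and an unauthenticated link can be rewritten in transit. If the hosts serve the same paths over TLS, record the `https://` form in both `url` and `name`. Separately, `problemtype` is `"Other"` although the description states a denial of service, which leaves nothing for weakness-based filtering to match on.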
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
 "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.purplemet.com/blog/openemr-xss-vulnerability",
+ "url": "https://www.purplemet.com/blog/openemr-xss-vulnerability"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14895.json b/2019/14xxx/CVE-2019-14895.json
index e663739a87f..a87e213a852 100644
--- a/2019/14xxx/CVE-2019-14895.json
+++ b/2019/14xxx/CVE-2019-14895.json
@@ -108,6 +108,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14896.json b/2019/14xxx/CVE-2019-14896.json
index 64680ea3618..e6e4db9f26f 100644
--- a/2019/14xxx/CVE-2019-14896.json
+++ b/2019/14xxx/CVE-2019-14896.json
@@ -103,6 +103,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14897.json b/2019/14xxx/CVE-2019-14897.json
index cb7cb17c078..83e294e0b0d 100644
--- a/2019/14xxx/CVE-2019-14897.json
+++ b/2019/14xxx/CVE-2019-14897.json
@@ -98,6 +98,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14901.json b/2019/14xxx/CVE-2019-14901.json
index b2b63069905..c515540f1e0 100644
--- a/2019/14xxx/CVE-2019-14901.json
+++ b/2019/14xxx/CVE-2019-14901.json
@@ -111,6 +111,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15707.json b/2019/15xxx/CVE-2019-15707.json
new file mode 100644
index 00000000000..5d1dbcfa57d
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15707.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15707",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiMail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/advisory/FG-IR-19-237",
+ "url": "https://fortiguard.com/advisory/FG-IR-19-237"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15712.json b/2019/15xxx/CVE-2019-15712.json
new file mode 100644
index 00000000000..409bef6b61b
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15712.json
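Review bot: `vendor_name` is `"n/a"` in the new CVE-2019-15707 record while the vendor is folded into `product_name` (`"Fortinet FortiMail"`) and `version_value` repeats the product name, so tooling that matches on vendor/product pairs will not associate this entry with Fortinet. The new CVE-2019-15712 record has the same three values. Suggest `"vendor_name": "Fortinet"`, `"product_name": "FortiMail"` and `"version_value": "6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below"`. Both new files also end without a trailing newline.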
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15712",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiMail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/advisory/FG-IR-19-237",
+ "url": "https://fortiguard.com/advisory/FG-IR-19-237"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16231.json b/2019/16xxx/CVE-2019-16231.json
index ead001855cb..461efbe4529 100644
--- a/2019/16xxx/CVE-2019-16231.json
+++ b/2019/16xxx/CVE-2019-16231.json
@@ -91,6 +91,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4227-2",
 "url": "https://usn.ubuntu.com/4227-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16512.json b/2019/16xxx/CVE-2019-16512.json
new file mode 100644
index 00000000000..6379d496454
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16512.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16512",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://know.bishopfox.com/advisories",
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories/connectwise-control",
+ "url": "https://know.bishopfox.com/advisories/connectwise-control"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34",
+ "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox",
+ "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox",
+ "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16513.json b/2019/16xxx/CVE-2019-16513.json
new file mode 100644
index 00000000000..ae8458f9aa3
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16513.json
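Review bot: The `affects` block of the new CVE-2019-16512 record is `"n/a"` throughout even though the description names the product and version (ConnectWise Control 19.3.25270.7185), and `problemtype` is `"n/a"` although the description states stored XSS, so consumers that filter by vendor, product or weakness class will not match this entry. The same holds for CVE-2019-16513 through CVE-2019-16517 and for the rewritten CVE-2020-7220 record (HashiCorp Vault Enterprise 0.11.0 through 1.3.1). Suggest filling the structured fields from the description, for example `"product_name": "ConnectWise Control"` and `"version_value": "19.3.25270.7185"`, with the vendor name confirmed against the advisory. These new files also end without a trailing newline.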
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16513",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://know.bishopfox.com/advisories",
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories/connectwise-control",
+ "url": "https://know.bishopfox.com/advisories/connectwise-control"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34",
+ "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox",
+ "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox",
+ "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16514.json b/2019/16xxx/CVE-2019-16514.json
new file mode 100644
index 00000000000..c23f1fab979
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16514.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16514",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://know.bishopfox.com/advisories",
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories/connectwise-control",
+ "url": "https://know.bishopfox.com/advisories/connectwise-control"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34",
+ "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox",
+ "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox",
+ "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16515.json b/2019/16xxx/CVE-2019-16515.json
new file mode 100644
index 00000000000..a7feeb407d6
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16515.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16515",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://know.bishopfox.com/advisories",
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10013",
+ "url": "https://wpvulndb.com/vulnerabilities/10013"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories/connectwise-control",
+ "url": "https://know.bishopfox.com/advisories/connectwise-control"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34",
+ "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox",
+ "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16516.json b/2019/16xxx/CVE-2019-16516.json
new file mode 100644
index 00000000000..454e4b4b4e0
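Review bot: The second reference in the new CVE-2019-16515 record, `https://wpvulndb.com/vulnerabilities/10013`, points at a WordPress vulnerability database, which does not obviously relate to the ConnectWise Control header issue in the description. It is the only one of the six ConnectWise records in this patch to carry that link, and the only one without the crn.com slide-shows reference, so it looks like a reference attached to the wrong CVE ID. Worth confirming against the source advisory and dropping the entry if it is unrelated, since analysts following it would be led to a different product.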
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16516.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16516",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://know.bishopfox.com/advisories",
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories/connectwise-control",
+ "url": "https://know.bishopfox.com/advisories/connectwise-control"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34",
+ "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox",
+ "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox",
+ "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16517.json b/2019/16xxx/CVE-2019-16517.json
new file mode 100644
index 00000000000..f88b03a1f25
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16517.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16517",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://know.bishopfox.com/advisories",
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://know.bishopfox.com/advisories/connectwise-control",
+ "url": "https://know.bishopfox.com/advisories/connectwise-control"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34",
+ "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox",
+ "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox",
+ "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18660.json b/2019/18xxx/CVE-2019-18660.json
index 36a8b050244..45cdbe6f29b 100644
--- a/2019/18xxx/CVE-2019-18660.json
+++ b/2019/18xxx/CVE-2019-18660.json
@@ -136,6 +136,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0174",
 "url": "https://access.redhat.com/errata/RHSA-2020:0174"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18813.json b/2019/18xxx/CVE-2019-18813.json
index eb9514f3b15..2e8f8e535d7 100644
--- a/2019/18xxx/CVE-2019-18813.json
+++ b/2019/18xxx/CVE-2019-18813.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4225-1",
 "url": "https://usn.ubuntu.com/4225-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19045.json b/2019/19xxx/CVE-2019-19045.json
index 03a309fef1d..ab7e9771cdf 100644
--- a/2019/19xxx/CVE-2019-19045.json
+++ b/2019/19xxx/CVE-2019-19045.json
@@ -86,6 +86,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4227-2",
 "url": "https://usn.ubuntu.com/4227-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19051.json b/2019/19xxx/CVE-2019-19051.json
index 2c57fdb32ce..18eef3ffc6f 100644
--- a/2019/19xxx/CVE-2019-19051.json
+++ b/2019/19xxx/CVE-2019-19051.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19052.json b/2019/19xxx/CVE-2019-19052.json
index c3c8bf73f49..3c9afcd254a 100644
--- a/2019/19xxx/CVE-2019-19052.json
+++ b/2019/19xxx/CVE-2019-19052.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19055.json b/2019/19xxx/CVE-2019-19055.json
index 4e26d418135..cd39e9eac73 100644
--- a/2019/19xxx/CVE-2019-19055.json
+++ b/2019/19xxx/CVE-2019-19055.json
@@ -81,6 +81,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4225-1",
 "url": "https://usn.ubuntu.com/4225-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19072.json b/2019/19xxx/CVE-2019-19072.json
index 9dfe49fe8e8..33265d3b560 100644
--- a/2019/19xxx/CVE-2019-19072.json
+++ b/2019/19xxx/CVE-2019-19072.json
@@ -81,6 +81,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4225-1",
 "url": "https://usn.ubuntu.com/4225-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19524.json b/2019/19xxx/CVE-2019-19524.json
index 772c1b585c9..58fabba5160 100644
--- a/2019/19xxx/CVE-2019-19524.json
+++ b/2019/19xxx/CVE-2019-19524.json
@@ -116,6 +116,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19529.json b/2019/19xxx/CVE-2019-19529.json
index 6ca371aa039..99acb537882 100644
--- a/2019/19xxx/CVE-2019-19529.json
+++ b/2019/19xxx/CVE-2019-19529.json
@@ -91,6 +91,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4227-2",
 "url": "https://usn.ubuntu.com/4227-2/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19534.json b/2019/19xxx/CVE-2019-19534.json
index cfa9c4a5d9d..fd51f1e752f 100644
--- a/2019/19xxx/CVE-2019-19534.json
+++ b/2019/19xxx/CVE-2019-19534.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4225-2",
+ "url": "https://usn.ubuntu.com/4225-2/"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7210.json b/2020/7xxx/CVE-2020-7210.json
index 3f709f6d1d2..505e9f4aa81 100644
--- a/2020/7xxx/CVE-2020-7210.json
+++ b/2020/7xxx/CVE-2020-7210.json
@@ -71,6 +71,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200123 SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS",
 "url": "https://seclists.org/bugtraq/2020/Jan/35"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request-Forgery.html",
+ "url": "http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request-Forgery.html"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7220.json b/2020/7xxx/CVE-2020-7220.json
index c54742caae0..f66a4007b9c 100644
--- a/2020/7xxx/CVE-2020-7220.json
+++ b/2020/7xxx/CVE-2020-7220.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7220",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7220",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.hashicorp.com/blog/category/vault/",
+ "refsource": "MISC",
+ "name": "https://www.hashicorp.com/blog/category/vault/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020",
+ "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7246.json b/2020/7xxx/CVE-2020-7246.json
index 9d394531834..c8377064df7 100644
--- a/2020/7xxx/CVE-2020-7246.json
+++ b/2020/7xxx/CVE-2020-7246.json
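Review bot: The CONFIRM reference added to CVE-2020-7220 links to `CHANGELOG.md` on `blob/master` with a heading anchor, so the target moves with every later commit and the anchor stops resolving if the heading is edited. A tag- or commit-pinned URL for the 1.3.2 changelog would keep the vendor confirmation stable for anyone verifying the fix version later. The MISC reference `https://www.hashicorp.com/blog/category/vault/` is a category index rather than a specific post, so it will stop leading readers to the relevant announcement as new posts are published.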
@@ -56,6 +56,11 @@
 "url": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing",
 "refsource": "MISC",
 "name": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.html"
 }
 ]
 },