diff --git a/2020/15xxx/CVE-2020-15129.json b/2020/15xxx/CVE-2020-15129.json index 84bb4176b54..ce972aecfeb 100644 --- a/2020/15xxx/CVE-2020-15129.json +++ b/2020/15xxx/CVE-2020-15129.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the \"X-Forwarded-Prefix\" header. The Traefik API dashboard component doesn't validate that the value of the header \"X-Forwarded-Prefix\" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information.\n\nActive Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.\n\n" + "value": "In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the \"X-Forwarded-Prefix\" header. The Traefik API dashboard component doesn't validate that the value of the header \"X-Forwarded-Prefix\" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios." } ] }, diff --git a/2020/15xxx/CVE-2020-15130.json b/2020/15xxx/CVE-2020-15130.json index 320d099df87..bf29a47366d 100644 --- a/2020/15xxx/CVE-2020-15130.json +++ b/2020/15xxx/CVE-2020-15130.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification.\n\nThis is fixed in version 0.27.4." + "value": "In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4." } ] }, diff --git a/2020/15xxx/CVE-2020-15131.json b/2020/15xxx/CVE-2020-15131.json index b149f43d7fd..f270a9195ef 100644 --- a/2020/15xxx/CVE-2020-15131.json +++ b/2020/15xxx/CVE-2020-15131.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification.\n\nThis is fixed in version 1.2.2." + "value": "In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2." } ] }, diff --git a/2020/16xxx/CVE-2020-16162.json b/2020/16xxx/CVE-2020-16162.json new file mode 100644 index 00000000000..6191918fa1d --- /dev/null +++ b/2020/16xxx/CVE-2020-16162.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-16162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/162", + "refsource": "MISC", + "name": "https://github.com/RIPE-NCC/rpki-validator-3/issues/162" + }, + { + "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/232", + "refsource": "MISC", + "name": "https://github.com/RIPE-NCC/rpki-validator-3/issues/232" + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16163.json b/2020/16xxx/CVE-2020-16163.json new file mode 100644 index 00000000000..8e472e9cc03 --- /dev/null +++ b/2020/16xxx/CVE-2020-16163.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-16163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/159", + "refsource": "MISC", + "name": "https://github.com/RIPE-NCC/rpki-validator-3/issues/159" + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16164.json b/2020/16xxx/CVE-2020-16164.json new file mode 100644 index 00000000000..77690dae116 --- /dev/null +++ b/2020/16xxx/CVE-2020-16164.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-16164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation \".roa\" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/232", + "refsource": "MISC", + "name": "https://github.com/RIPE-NCC/rpki-validator-3/issues/232" + }, + { + "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/158", + "refsource": "MISC", + "name": "https://github.com/RIPE-NCC/rpki-validator-3/issues/158" + } + ] + } +} \ No newline at end of file