"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2020-05-18 19:01:18 +00:00 · 2020-05-18 19:01:18 +00:00 · 17c0729bfc
commit 17c0729bfc
parent 4a09f8d2a1
8 changed files with 216 additions and 0 deletions
--- a/2019/3xxx/CVE-2019-3025.json
+++ b/2019/3xxx/CVE-2019-3025.json
@ -57,6 +57,11 @@
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                "refsource": "MISC",
                "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/157746/Oracle-Hospitality-RES-3700-5.7-Remote-Code-Execution.html",
+                "url": "http://packetstormsecurity.com/files/157746/Oracle-Hospitality-RES-3700-5.7-Remote-Code-Execution.html"
            }
        ]
    }
--- a/2020/11xxx/CVE-2020-11108.json
+++ b/2020/11xxx/CVE-2020-11108.json
@ -71,6 +71,11 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privilege-Escalation.html",
                "url": "http://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privilege-Escalation.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS-Command-Execution.html",
+                "url": "http://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS-Command-Execution.html"
            }
        ]
    }
--- a/2020/11xxx/CVE-2020-11931.json
+++ b/2020/11xxx/CVE-2020-11931.json
@ -100,6 +100,11 @@
                "refsource": "MISC",
                "url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3",
                "name": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3"
+            },
+            {
+                "refsource": "UBUNTU",
+                "name": "USN-4355-1",
+                "url": "https://usn.ubuntu.com/4355-1/"
            }
        ]
    },
--- a/2020/13xxx/CVE-2020-13118.json
+++ b/2020/13xxx/CVE-2020-13118.json
@ -56,6 +56,11 @@
                "url": "https://github.com/adeoluwa-adebiyi/Mikrotik-Router-Monitoring-System/issues/4",
                "refsource": "MISC",
                "name": "https://github.com/adeoluwa-adebiyi/Mikrotik-Router-Monitoring-System/issues/4"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/157733/Mikrotik-Router-Monitoring-System-1.2.3-SQL-Injection.html",
+                "url": "http://packetstormsecurity.com/files/157733/Mikrotik-Router-Monitoring-System-1.2.3-SQL-Injection.html"
            }
        ]
    }
--- a/2020/13xxx/CVE-2020-13144.json
+++ b/2020/13xxx/CVE-2020-13144.json
@ -0,0 +1,67 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2020-13144",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the \"Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code\" screen, edit the problem, and execute Python code. This leads to arbitrary code execution."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://stark0de.com/2020/05/17/openedx-vulnerabilities.html",
+                "refsource": "MISC",
+                "name": "https://stark0de.com/2020/05/17/openedx-vulnerabilities.html"
+            },
+            {
+                "url": "https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/architecture.html",
+                "refsource": "MISC",
+                "name": "https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/architecture.html"
+            }
+        ]
+    }
+}
--- a/2020/13xxx/CVE-2020-13145.json
+++ b/2020/13xxx/CVE-2020-13145.json
@ -0,0 +1,62 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2020-13145",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the \"Content>File Uploads\" screen. These files can contain JavaScript code and thus lead to Stored XSS."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://stark0de.com/2020/05/17/openedx-vulnerabilities.html",
+                "refsource": "MISC",
+                "name": "https://stark0de.com/2020/05/17/openedx-vulnerabilities.html"
+            }
+        ]
+    }
+}
--- a/2020/13xxx/CVE-2020-13146.json
+++ b/2020/13xxx/CVE-2020-13146.json
@ -0,0 +1,62 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2020-13146",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the \"Course>Data Downloads>Reports>Download profile info\" feature."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://stark0de.com/2020/05/17/openedx-vulnerabilities.html",
+                "refsource": "MISC",
+                "name": "https://stark0de.com/2020/05/17/openedx-vulnerabilities.html"
+            }
+        ]
+    }
+}
--- a/2020/7xxx/CVE-2020-7209.json
+++ b/2020/7xxx/CVE-2020-7209.json
@ -48,6 +48,11 @@
                "refsource": "MISC",
                "name": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2",
                "url": "https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html",
+                "url": "http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html"
            }
        ]
    },