From 19d750e377e8d4cef3956420980dd62dfa28c1c8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 2 Apr 2020 14:01:12 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/13xxx/CVE-2018-13371.json | 64 ++++++++++++++++++++++++++++---- 2019/20xxx/CVE-2019-20635.json | 18 +++++++++ 2019/6xxx/CVE-2019-6999.json | 14 +++---- 2019/7xxx/CVE-2019-7008.json | 14 +++---- 2019/7xxx/CVE-2019-7009.json | 14 +++---- 2019/7xxx/CVE-2019-7010.json | 14 +++---- 2019/7xxx/CVE-2019-7011.json | 14 +++---- 2019/7xxx/CVE-2019-7012.json | 14 +++---- 2019/7xxx/CVE-2019-7013.json | 14 +++---- 2019/7xxx/CVE-2019-7014.json | 14 +++---- 2019/7xxx/CVE-2019-7015.json | 14 +++---- 2019/7xxx/CVE-2019-7016.json | 14 +++---- 2019/7xxx/CVE-2019-7017.json | 14 +++---- 2020/10xxx/CVE-2020-10246.json | 5 +++ 2020/10xxx/CVE-2020-10247.json | 5 +++ 2020/11xxx/CVE-2020-11490.json | 67 ++++++++++++++++++++++++++++++++++ 2020/11xxx/CVE-2020-11491.json | 67 ++++++++++++++++++++++++++++++++++ 2020/9xxx/CVE-2020-9015.json | 2 +- 18 files changed, 297 insertions(+), 85 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20635.json create mode 100644 2020/11xxx/CVE-2020-11490.json create mode 100644 2020/11xxx/CVE-2020-11491.json diff --git a/2018/13xxx/CVE-2018-13371.json b/2018/13xxx/CVE-2018-13371.json index 1e9a7fe2b91..6d4f11d3628 100644 --- a/2018/13xxx/CVE-2018-13371.json +++ b/2018/13xxx/CVE-2018-13371.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-13371", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-13371", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiOS", + "version": { + "version_data": [ + { + "version_value": "6.2.0 and below versions" + }, + { + "version_value": "5.6.7 and below" + }, + { + "version_value": "5.4.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fortiguard.com/advisory/FG-IR-18-230", + "url": "https://fortiguard.com/advisory/FG-IR-18-230" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component." } ] } diff --git a/2019/20xxx/CVE-2019-20635.json b/2019/20xxx/CVE-2019-20635.json new file mode 100644 index 00000000000..419e9a47b8e --- /dev/null +++ b/2019/20xxx/CVE-2019-20635.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6999.json b/2019/6xxx/CVE-2019-6999.json index 31e21f891cf..aa608dcc2cf 100644 --- a/2019/6xxx/CVE-2019-6999.json +++ b/2019/6xxx/CVE-2019-6999.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6999", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6999", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7008.json b/2019/7xxx/CVE-2019-7008.json index 9596ebf6a69..0d85368191f 100644 --- a/2019/7xxx/CVE-2019-7008.json +++ b/2019/7xxx/CVE-2019-7008.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7008", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7008", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7009.json b/2019/7xxx/CVE-2019-7009.json index cda45822a1c..804bae4339f 100644 --- a/2019/7xxx/CVE-2019-7009.json +++ b/2019/7xxx/CVE-2019-7009.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7009", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7009", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7010.json b/2019/7xxx/CVE-2019-7010.json index e412ed6b6bb..d19a6cc3597 100644 --- a/2019/7xxx/CVE-2019-7010.json +++ b/2019/7xxx/CVE-2019-7010.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7010", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7010", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7011.json b/2019/7xxx/CVE-2019-7011.json index 7f6b7af7702..afe1f8e64f5 100644 --- a/2019/7xxx/CVE-2019-7011.json +++ b/2019/7xxx/CVE-2019-7011.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7011", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7011", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7012.json b/2019/7xxx/CVE-2019-7012.json index 0d9b4c3cc0a..9c35d19a8a1 100644 --- a/2019/7xxx/CVE-2019-7012.json +++ b/2019/7xxx/CVE-2019-7012.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7012", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7012", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7013.json b/2019/7xxx/CVE-2019-7013.json index dd24e87dbb4..f78eb9f0727 100644 --- a/2019/7xxx/CVE-2019-7013.json +++ b/2019/7xxx/CVE-2019-7013.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7013", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7013", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7014.json b/2019/7xxx/CVE-2019-7014.json index c4efd82bf3e..1aef55baa0a 100644 --- a/2019/7xxx/CVE-2019-7014.json +++ b/2019/7xxx/CVE-2019-7014.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7014", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7014", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7015.json b/2019/7xxx/CVE-2019-7015.json index b8485b1db95..22f9b1979a2 100644 --- a/2019/7xxx/CVE-2019-7015.json +++ b/2019/7xxx/CVE-2019-7015.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7015", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7015", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7016.json b/2019/7xxx/CVE-2019-7016.json index daff29105dc..7685f2f7d28 100644 --- a/2019/7xxx/CVE-2019-7016.json +++ b/2019/7xxx/CVE-2019-7016.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7016", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7016", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/7xxx/CVE-2019-7017.json b/2019/7xxx/CVE-2019-7017.json index 8846f3698d2..d5c767e8bb4 100644 --- a/2019/7xxx/CVE-2019-7017.json +++ b/2019/7xxx/CVE-2019-7017.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7017", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-7017", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2020/10xxx/CVE-2020-10246.json b/2020/10xxx/CVE-2020-10246.json index 810ff7cdd04..5fc85c885cb 100644 --- a/2020/10xxx/CVE-2020-10246.json +++ b/2020/10xxx/CVE-2020-10246.json @@ -56,6 +56,11 @@ "url": "https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491", "refsource": "MISC", "name": "https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/MISP/MISP/releases/tag/v2.4.123", + "url": "https://github.com/MISP/MISP/releases/tag/v2.4.123" } ] } diff --git a/2020/10xxx/CVE-2020-10247.json b/2020/10xxx/CVE-2020-10247.json index 07694e547ac..4ba435824aa 100644 --- a/2020/10xxx/CVE-2020-10247.json +++ b/2020/10xxx/CVE-2020-10247.json @@ -56,6 +56,11 @@ "url": "https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed", "refsource": "MISC", "name": "https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/MISP/MISP/releases/tag/v2.4.123", + "url": "https://github.com/MISP/MISP/releases/tag/v2.4.123" } ] } diff --git a/2020/11xxx/CVE-2020-11490.json b/2020/11xxx/CVE-2020-11490.json new file mode 100644 index 00000000000..23d987cbd57 --- /dev/null +++ b/2020/11xxx/CVE-2020-11490.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html", + "refsource": "MISC", + "name": "http://code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html" + }, + { + "url": "https://github.com/c610/tmp/blob/master/zenload4patreons.zip", + "refsource": "MISC", + "name": "https://github.com/c610/tmp/blob/master/zenload4patreons.zip" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11491.json b/2020/11xxx/CVE-2020-11491.json new file mode 100644 index 00000000000..fd84667f697 --- /dev/null +++ b/2020/11xxx/CVE-2020-11491.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html", + "refsource": "MISC", + "name": "http://code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html" + }, + { + "url": "https://github.com/c610/tmp/blob/master/zenload4patreons.zip", + "refsource": "MISC", + "name": "https://github.com/c610/tmp/blob/master/zenload4patreons.zip" + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9015.json b/2020/9xxx/CVE-2020-9015.json index 04548f2f9ee..794896dfa29 100644 --- a/2020/9xxx/CVE-2020-9015.json +++ b/2020/9xxx/CVE-2020-9015.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character." + "value": "** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands." } ] },