diff --git a/2019/19xxx/CVE-2019-19454.json b/2019/19xxx/CVE-2019-19454.json index c24fd3ff53a..83cd87e93eb 100644 --- a/2019/19xxx/CVE-2019-19454.json +++ b/2019/19xxx/CVE-2019-19454.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19454.txt", "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19454.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-0-release-notes", + "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-0-release-notes" } ] } diff --git a/2019/19xxx/CVE-2019-19456.json b/2019/19xxx/CVE-2019-19456.json index 6ee5c3f04a1..3d96406dbf3 100644 --- a/2019/19xxx/CVE-2019-19456.json +++ b/2019/19xxx/CVE-2019-19456.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19456.txt", "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-19456.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-0-release-notes", + "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-0-release-notes" } ] } diff --git a/2019/3xxx/CVE-2019-3774.json b/2019/3xxx/CVE-2019-3774.json index 5a6411fc166..2137aee0a2f 100644 --- a/2019/3xxx/CVE-2019-3774.json +++ b/2019/3xxx/CVE-2019-3774.json @@ -131,6 +131,26 @@ "refsource": "MLIST", "name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774", "url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774", + "url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a@%3Cissues.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)", + "url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54@%3Ccommits.servicemix.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)", + "url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E" } ] }, diff --git a/2019/7xxx/CVE-2019-7654.json b/2019/7xxx/CVE-2019-7654.json index 8a9c1a94701..b1b0eb68230 100644 --- a/2019/7xxx/CVE-2019-7654.json +++ b/2019/7xxx/CVE-2019-7654.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component." + "value": "Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5." } ] }, @@ -61,6 +61,16 @@ "refsource": "MISC", "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7654-CSRF-Wowza", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7654-CSRF-Wowza" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7654.txt", + "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7654.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes", + "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes" } ] } diff --git a/2019/7xxx/CVE-2019-7655.json b/2019/7xxx/CVE-2019-7655.json index c6890fe4776..2c04666f516 100644 --- a/2019/7xxx/CVE-2019-7655.json +++ b/2019/7xxx/CVE-2019-7655.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form." + "value": "Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5." } ] }, @@ -61,6 +61,16 @@ "refsource": "MISC", "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7655.txt", + "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7655.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes", + "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes" } ] } diff --git a/2019/7xxx/CVE-2019-7656.json b/2019/7xxx/CVE-2019-7656.json index 41b08fefc6e..199dba01c32 100644 --- a/2019/7xxx/CVE-2019-7656.json +++ b/2019/7xxx/CVE-2019-7656.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse." + "value": "A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse. This issue was resolved in Wowza Streaming Engine 4.8.5." } ] }, @@ -61,6 +61,16 @@ "refsource": "MISC", "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7656-PrivEscal-Wowza", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7656-PrivEscal-Wowza" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7656.txt", + "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7656.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes", + "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes" } ] } diff --git a/2020/13xxx/CVE-2020-13254.json b/2020/13xxx/CVE-2020-13254.json index e96e859e09c..15e1dc67b3f 100644 --- a/2020/13xxx/CVE-2020-13254.json +++ b/2020/13xxx/CVE-2020-13254.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200612 [SECURITY] [DLA 2233-2] python-django regression update", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4705", + "url": "https://www.debian.org/security/2020/dsa-4705" } ] } diff --git a/2020/13xxx/CVE-2020-13596.json b/2020/13xxx/CVE-2020-13596.json index d64c7187f1a..94f050ca51c 100644 --- a/2020/13xxx/CVE-2020-13596.json +++ b/2020/13xxx/CVE-2020-13596.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200611-0002/", "url": "https://security.netapp.com/advisory/ntap-20200611-0002/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4705", + "url": "https://www.debian.org/security/2020/dsa-4705" } ] } diff --git a/2020/14xxx/CVE-2020-14426.json b/2020/14xxx/CVE-2020-14426.json index af4e18d18a0..4b76f6f87cf 100644 --- a/2020/14xxx/CVE-2020-14426.json +++ b/2020/14xxx/CVE-2020-14426.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061931/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Wifi-Systems-PSV-2020-0033", + "url": "https://kb.netgear.com/000061931/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Wifi-Systems-PSV-2020-0033" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14427.json b/2020/14xxx/CVE-2020-14427.json index b8c1f54d719..911dbb5799b 100644 --- a/2020/14xxx/CVE-2020-14427.json +++ b/2020/14xxx/CVE-2020-14427.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061935/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0042", + "url": "https://kb.netgear.com/000061935/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0042" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14428.json b/2020/14xxx/CVE-2020-14428.json index 3316538f7e8..3d05dfa1193 100644 --- a/2020/14xxx/CVE-2020-14428.json +++ b/2020/14xxx/CVE-2020-14428.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14428", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14428", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061936/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0044", + "url": "https://kb.netgear.com/000061936/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0044" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14429.json b/2020/14xxx/CVE-2020-14429.json index 4968ec7b0dc..df7f7e26dd2 100644 --- a/2020/14xxx/CVE-2020-14429.json +++ b/2020/14xxx/CVE-2020-14429.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14429", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14429", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050", + "url": "https://kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14430.json b/2020/14xxx/CVE-2020-14430.json index db0f825b861..4af543184ae 100644 --- a/2020/14xxx/CVE-2020-14430.json +++ b/2020/14xxx/CVE-2020-14430.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14430", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14430", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061939/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0051", + "url": "https://kb.netgear.com/000061939/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0051" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14431.json b/2020/14xxx/CVE-2020-14431.json index e2e5d5b75e1..b645a559b97 100644 --- a/2020/14xxx/CVE-2020-14431.json +++ b/2020/14xxx/CVE-2020-14431.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14431", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14431", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061944/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0068", + "url": "https://kb.netgear.com/000061944/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0068" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14432.json b/2020/14xxx/CVE-2020-14432.json index e4dc541843a..4c79eeb1570 100644 --- a/2020/14xxx/CVE-2020-14432.json +++ b/2020/14xxx/CVE-2020-14432.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14432", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14432", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061937/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-WiFi-Systems-PSV-2020-0049", + "url": "https://kb.netgear.com/000061937/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-WiFi-Systems-PSV-2020-0049" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14433.json b/2020/14xxx/CVE-2020-14433.json index c1cc54d5c20..f9e337968c4 100644 --- a/2020/14xxx/CVE-2020-14433.json +++ b/2020/14xxx/CVE-2020-14433.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14433", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14433", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061932/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0035", + "url": "https://kb.netgear.com/000061932/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0035" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14434.json b/2020/14xxx/CVE-2020-14434.json index e96e7dcad39..e3aaf625c4f 100644 --- a/2020/14xxx/CVE-2020-14434.json +++ b/2020/14xxx/CVE-2020-14434.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14434", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14434", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061934/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0040", + "url": "https://kb.netgear.com/000061934/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0040" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14435.json b/2020/14xxx/CVE-2020-14435.json index 431a9633b6a..2168d357d9b 100644 --- a/2020/14xxx/CVE-2020-14435.json +++ b/2020/14xxx/CVE-2020-14435.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061930/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0026", + "url": "https://kb.netgear.com/000061930/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0026" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:H/AV:A/A:N/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14436.json b/2020/14xxx/CVE-2020-14436.json index 1ecfa1640e6..755ffc90d8f 100644 --- a/2020/14xxx/CVE-2020-14436.json +++ b/2020/14xxx/CVE-2020-14436.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14436", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14436", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061933/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0039", + "url": "https://kb.netgear.com/000061933/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0039" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14437.json b/2020/14xxx/CVE-2020-14437.json index c6501a7222d..23783eda6c7 100644 --- a/2020/14xxx/CVE-2020-14437.json +++ b/2020/14xxx/CVE-2020-14437.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14437", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14437", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061940/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0054", + "url": "https://kb.netgear.com/000061940/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0054" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14438.json b/2020/14xxx/CVE-2020-14438.json index c8569947114..dca5e43defc 100644 --- a/2020/14xxx/CVE-2020-14438.json +++ b/2020/14xxx/CVE-2020-14438.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14438", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14438", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061941/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0063", + "url": "https://kb.netgear.com/000061941/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0063" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14439.json b/2020/14xxx/CVE-2020-14439.json index bf309a9a63e..fb67985aa83 100644 --- a/2020/14xxx/CVE-2020-14439.json +++ b/2020/14xxx/CVE-2020-14439.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14439", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14439", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061942/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0064", + "url": "https://kb.netgear.com/000061942/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0064" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14440.json b/2020/14xxx/CVE-2020-14440.json index cfe51525d30..80e277dd143 100644 --- a/2020/14xxx/CVE-2020-14440.json +++ b/2020/14xxx/CVE-2020-14440.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14440", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14440", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061943/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0065", + "url": "https://kb.netgear.com/000061943/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0065" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14441.json b/2020/14xxx/CVE-2020-14441.json index 7e18085bede..f1d036f7b4e 100644 --- a/2020/14xxx/CVE-2020-14441.json +++ b/2020/14xxx/CVE-2020-14441.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14441", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14441", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061946/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0071", + "url": "https://kb.netgear.com/000061946/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0071" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14442.json b/2020/14xxx/CVE-2020-14442.json index c4da74d2e3f..e44a0d251f2 100644 --- a/2020/14xxx/CVE-2020-14442.json +++ b/2020/14xxx/CVE-2020-14442.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14442", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14442", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061947/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0103", + "url": "https://kb.netgear.com/000061947/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0103" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9004.json b/2020/9xxx/CVE-2020-9004.json index d95e2da7826..86ac9c200f7 100644 --- a/2020/9xxx/CVE-2020-9004.json +++ b/2020/9xxx/CVE-2020-9004.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.7.8 (build 20191105123929) allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges." + "value": "A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5." } ] }, @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-9004-Authenticated%20Remote%20Authorization%20Bypass%20Leading%20to%20RCE-Wowza", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-9004-Authenticated%20Remote%20Authorization%20Bypass%20Leading%20to%20RCE-Wowza" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2020-9004.txt", + "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2020-9004.txt" } ] } diff --git a/2020/9xxx/CVE-2020-9402.json b/2020/9xxx/CVE-2020-9402.json index bdec6069285..b94ba140dc0 100644 --- a/2020/9xxx/CVE-2020-9402.json +++ b/2020/9xxx/CVE-2020-9402.json @@ -81,6 +81,11 @@ "refsource": "GENTOO", "name": "GLSA-202004-17", "url": "https://security.gentoo.org/glsa/202004-17" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4705", + "url": "https://www.debian.org/security/2020/dsa-4705" } ] }