diff --git a/2010/0xxx/CVE-2010-0425.json b/2010/0xxx/CVE-2010-0425.json
index 669ff024575..de72f341a24 100644
--- a/2010/0xxx/CVE-2010-0425.json
+++ b/2010/0xxx/CVE-2010-0425.json
@@ -171,6 +171,11 @@
 "refsource": "MLIST",
 "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
 "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/11650",
+ "url": "https://www.exploit-db.com/exploits/11650"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10213.json b/2020/10xxx/CVE-2020-10213.json
new file mode 100644
index 00000000000..bdf6dd8219c
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10213.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10213",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md",
+ "refsource": "MISC",
+ "name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md"
+ },
+ {
+ "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10214.json b/2020/10xxx/CVE-2020-10214.json
new file mode 100644
index 00000000000..7f3ff08719e
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10214.json
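Review bot: In CVE-2020-10213.json the structured fields `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 and describes command execution through a CGI parameter. Tooling that matches on the `affects` block rather than on free text will not associate this record with either product. Consider filling them from the description, e.g. `"vendor_name": "D-Link"`, `"product_name": "DIR-825"`, `"version_value": "Rev.B 2.10"`, and a problemtype such as `"value": "CWE-78"` if the weakness is confirmed as OS command injection. The same placeholders appear in the records for CVE-2020-10214, CVE-2020-10215, CVE-2020-10216, CVE-2020-8439, CVE-2020-9281 and CVE-2020-9470 in this commit.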
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10214",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability4.md",
+ "refsource": "MISC",
+ "name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability4.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10215.json b/2020/10xxx/CVE-2020-10215.json
new file mode 100644
index 00000000000..23c4ae488c7
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10215.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10215",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
+ },
+ {
+ "url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10216.json b/2020/10xxx/CVE-2020-10216.json
new file mode 100644
index 00000000000..db2d2d99403
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10216.json
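Review bot: The description in CVE-2020-10215.json says "remote attackers" without stating whether a login to the device is required, while the CVE-2020-10214 record for the same DIR-825 firmware in this commit says "an authenticated user". Whether command execution is reachable before or after authentication changes how a defender prioritises the device, so the wording should say which it is, for example `remote authenticated users` or `unauthenticated remote attackers`, whichever the referenced write-ups support. CVE-2020-10213 and CVE-2020-10216 use the same phrasing and need the same clarification.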
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10216",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
+ },
+ {
+ "url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8439.json b/2020/8xxx/CVE-2020-8439.json
index 16739eececb..cb84dc8aa68 100644
--- a/2020/8xxx/CVE-2020-8439.json
+++ b/2020/8xxx/CVE-2020-8439.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8439",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8439",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://uploadboy.me/cn40ne6p89t6/POC.mp4.html",
+ "refsource": "MISC",
+ "name": "http://uploadboy.me/cn40ne6p89t6/POC.mp4.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/02630f153869936d555a79f89d717f9c.pdf",
+ "url": "https://cert.ikiu.ac.ir/public-files/pages/attachments/11/02630f153869936d555a79f89d717f9c.pdf"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9281.json b/2020/9xxx/CVE-2020-9281.json
index 59f2866e32c..2a04f24c101 100644
--- a/2020/9xxx/CVE-2020-9281.json
+++ b/2020/9xxx/CVE-2020-9281.json
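Review bot: The first reference added to CVE-2020-8439.json, `http://uploadboy.me/cn40ne6p89t6/POC.mp4.html`, is a plain-HTTP link to a third-party file-hosting page, so the host can change or remove it and readers get no transport integrity for what they fetch. The second reference, the cert.ikiu.ac.ir PDF served over HTTPS, looks like the more durable source. I would list that one first and either replace the video link with an archived copy or keep it only as a secondary reference. Neither reference points to a vendor fix, so the record gives consumers no version to upgrade to beyond "through 3.0.4".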
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9281",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9281",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted \"protected\" comment (with the cke_protected syntax)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ckeditor/ckeditor4",
+ "refsource": "MISC",
+ "name": "https://github.com/ckeditor/ckeditor4"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9470.json b/2020/9xxx/CVE-2020-9470.json
index 2447a4834d9..2949d45ee10 100644
--- a/2020/9xxx/CVE-2020-9470.json
+++ b/2020/9xxx/CVE-2020-9470.json
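Review bot: The only reference added to CVE-2020-9281.json is the repository root `https://github.com/ckeditor/ckeditor4`, which identifies neither the fix nor an advisory for the XSS in the HTML Data Processor. A reader cannot confirm from it that 4.14 contains the fix, or find the change to review when backporting. Add a reference that pins the fix, e.g. `"url": "<URL of the CKEditor 4.14 release notes or fixing commit>"`. The affected range "4.0 before 4.14" also exists only in the free-text description while `version_value` is `n/a`, so version-matching tools cannot use it.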
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9470",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9470",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php",
+ "url": "https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php"
 }
 ]
 }
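Review bot: The affected range in CVE-2020-9470.json is given as "Wing FTP Server 6.2.5 before February 2020", a date rather than a version or build number, so an operator running 6.2.5 cannot tell from the record whether their installation is fixed. State the first fixed release in the description and in the structured field, e.g. `"version_value": "<first fixed version or build>"`. Because the issue is local read access to the session and session_admin directories, the `problemtype` entry could name that weakness class (incorrect permissions on session storage) instead of `n/a`, which would help triage and detection of the same pattern elsewhere.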