diff --git a/2020/11xxx/CVE-2020-11586.json b/2020/11xxx/CVE-2020-11586.json new file mode 100644 index 00000000000..d16728313e2 --- /dev/null +++ b/2020/11xxx/CVE-2020-11586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11587.json b/2020/11xxx/CVE-2020-11587.json new file mode 100644 index 00000000000..7e6cf852fcd --- /dev/null +++ b/2020/11xxx/CVE-2020-11587.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11588.json b/2020/11xxx/CVE-2020-11588.json new file mode 100644 index 00000000000..9f40634ec0c --- /dev/null +++ b/2020/11xxx/CVE-2020-11588.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11589.json b/2020/11xxx/CVE-2020-11589.json new file mode 100644 index 00000000000..463fb040581 --- /dev/null +++ b/2020/11xxx/CVE-2020-11589.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11590.json b/2020/11xxx/CVE-2020-11590.json new file mode 100644 index 00000000000..20a5f56061a --- /dev/null +++ b/2020/11xxx/CVE-2020-11590.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11591.json b/2020/11xxx/CVE-2020-11591.json new file mode 100644 index 00000000000..fa0c0a4713d --- /dev/null +++ b/2020/11xxx/CVE-2020-11591.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11592.json b/2020/11xxx/CVE-2020-11592.json new file mode 100644 index 00000000000..e2023ce4bc2 --- /dev/null +++ b/2020/11xxx/CVE-2020-11592.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11593.json b/2020/11xxx/CVE-2020-11593.json new file mode 100644 index 00000000000..70823d7a991 --- /dev/null +++ b/2020/11xxx/CVE-2020-11593.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11594.json b/2020/11xxx/CVE-2020-11594.json new file mode 100644 index 00000000000..d8ece9aa8c7 --- /dev/null +++ b/2020/11xxx/CVE-2020-11594.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11595.json b/2020/11xxx/CVE-2020-11595.json new file mode 100644 index 00000000000..f4353eeae97 --- /dev/null +++ b/2020/11xxx/CVE-2020-11595.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11596.json b/2020/11xxx/CVE-2020-11596.json new file mode 100644 index 00000000000..077902441db --- /dev/null +++ b/2020/11xxx/CVE-2020-11596.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11597.json b/2020/11xxx/CVE-2020-11597.json new file mode 100644 index 00000000000..3b2e73feaa4 --- /dev/null +++ b/2020/11xxx/CVE-2020-11597.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11598.json b/2020/11xxx/CVE-2020-11598.json new file mode 100644 index 00000000000..9b8a5ff43cd --- /dev/null +++ b/2020/11xxx/CVE-2020-11598.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11599.json b/2020/11xxx/CVE-2020-11599.json new file mode 100644 index 00000000000..05e805d042e --- /dev/null +++ b/2020/11xxx/CVE-2020-11599.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7622.json b/2020/7xxx/CVE-2020-7622.json index 8efef234c86..c319e09ad2b 100644 --- a/2020/7xxx/CVE-2020-7622.json +++ b/2020/7xxx/CVE-2020-7622.json @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "All versions before 2.2.1 are vulnerable to HTTP Response Splitting. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting." + "value": "All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Splitting. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting." } ] }