diff --git a/2020/12xxx/CVE-2020-12457.json b/2020/12xxx/CVE-2020-12457.json
new file mode 100644
index 00000000000..e2544f62783
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12457.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12457",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2575.json b/2020/2xxx/CVE-2020-2575.json
index 81ec511cfa3..699e750306b 100644
--- a/2020/2xxx/CVE-2020-2575.json
+++ b/2020/2xxx/CVE-2020-2575.json
@@ -1,75 +1,75 @@
- {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ASSIGNER": "secalert_us@oracle.com",
- "ID": "CVE-2020-2575"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "VM VirtualBox",
- "version": {
- "version_data": [
- {
- "version_value": "5.2.40",
- "version_affected": "<"
- },
- {
- "version_value": "6.0.20",
- "version_affected": "<"
- },
- {
- "version_value": "6.1.6",
- "version_affected": "<"
- }
- ]
- }
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2020-2575",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Oracle Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VM VirtualBox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to 5.2.40"
+ },
+ {
+ "version_value": "prior to 6.0.20"
+ },
+ {
+ "version_value": "prior to 6.1.6"
+ }
+ ]
 }
- ]
- },
- "vendor_name": "Oracle Corporation"
+ }
+ ]
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
- }
- ]
- },
- "impact": {
- "cvss": {
- "baseScore": "7.5",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
- "version": "3.0"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
 }
 ]
 }
- }
\ No newline at end of file
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
+ "refsource": "MISC",
+ "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/2xxx/CVE-2020-2894.json b/2020/2xxx/CVE-2020-2894.json
index 197f162ae73..b3e6f5a36ea 100644
--- a/2020/2xxx/CVE-2020-2894.json
+++ b/2020/2xxx/CVE-2020-2894.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Oracle Corporation",
 "product": {
 "product_data": [
 {
@@ -18,23 +19,19 @@
 "version": {
 "version_data": [
 {
- "version_value": "5.2.40",
- "version_affected": "<"
+ "version_value": "prior to 5.2.40"
 },
 {
- "version_value": "6.0.20",
- "version_affected": "<"
+ "version_value": "prior to 6.0.20"
 },
 {
- "version_value": "6.1.6",
- "version_affected": "<"
+ "version_value": "prior to 6.1.6"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Oracle Corporation"
+ }
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7804.json b/2020/7xxx/CVE-2020-7804.json
index da8a1c4859b..a9ae7d3db49 100644
--- a/2020/7xxx/CVE-2020-7804.json
+++ b/2020/7xxx/CVE-2020-7804.json
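Review bot: The rewritten `version_data` entries for CVE-2020-2575 move the range into free text (`"version_value": "prior to 5.2.40"`) and drop `"version_affected": "<"`, so a consumer that compares `version_value` against an installed version would get a literal string instead of an upper bound. Keeping the operator and the bare version, `"version_value": "5.2.40", "version_affected": "<"`, preserves the machine-readable range; the same applies to the 6.0.20 and 6.1.6 entries and to the three entries changed in the second CVE-2020-2894 hunk. Separately, `"baseScore": "7.5"` is a string here while the CVE-2020-7804 record in this commit writes the score as a number, so parsers have to accept both; `"baseScore": 7.5` would be the consistent form.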
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2020-7804",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HandySoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.7.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.handysoft.co.kr/product/product.html?seq=12",
+ "url": "http://www.handysoft.co.kr/product/product.html?seq=12"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368",
+ "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8773.json b/2020/8xxx/CVE-2020-8773.json
index 7e33e5cc5e7..c1f1dadf067 100644
--- a/2020/8xxx/CVE-2020-8773.json
+++ b/2020/8xxx/CVE-2020-8773.json
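Review bot: The added `product_name` repeats a word and mixes the component and platform list into the product field, `"HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10"`, while the description in the same record calls the product "Handy Groupware". A single product name used in both places, for example `"product_name": "HandySoft Groupware"` with the DLL and the Windows versions left to the description, would make product matching less dependent on free text. The lone `"version_value": "1.7.3.1"` carries no `version_affected`, so the record does not say whether earlier builds are affected as well; that needs confirming with the assigner rather than guessing. The first CONFIRM reference is an `http://` product page, which looks less like an advisory than the KrCERT notice beside it and is worth a second look.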
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8773",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8773",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536",
+ "url": "https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8774.json b/2020/8xxx/CVE-2020-8774.json
index 1c3a8ab127e..cf404b97304 100644
--- a/2020/8xxx/CVE-2020-8774.json
+++ b/2020/8xxx/CVE-2020-8774.json
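Review bot: Every structured field in the new CVE-2020-8773 record is `"n/a"` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description names Pega Platform before 8.2.6 and a stored XSS. Tooling that matches on `affects` or `problemtype` instead of parsing the description would not tie this record to the product. Suggest filling them from the description, e.g. `"product_name": "Pega Platform"`, `"version_value": "8.2.6", "version_affected": "<"`, and `"value": "CWE-79 Cross-site Scripting"` for the problem type. The CVE-2020-8774 hunk that follows has the same `"n/a"` fields for a reflected XSS in the same product.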
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8774",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8774",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the \"ActionStringID\" function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://community.pega.com/node/1913996",
+ "url": "https://community.pega.com/node/1913996"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9757.json b/2020/9xxx/CVE-2020-9757.json
index ec34cc36cd4..0606986c848 100644
--- a/2020/9xxx/CVE-2020-9757.json
+++ b/2020/9xxx/CVE-2020-9757.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Seomatic component before 3.2.46 (and/or before 3.3.0) for Craft CMS allows Server-Side Template Injection and information disclosure via malformed data to the metacontainers controller. Also, remote code execution may occur, related to craft.app.view.evaluateDynamicContent."
+ "value": "The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller."
 }
 ]
 },
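Review bot: The rewritten description for CVE-2020-9757 drops two things the old text stated: the `3.2.46` fixed version and the information-disclosure impact. If 3.2.46 does carry the fix on the 3.2 line, as the old wording "before 3.2.46 (and/or before 3.3.0)" suggests it might, then "before 3.3.0" alone would mark patched 3.2.x installs as affected; this is worth confirming against the vendor changelog before narrowing the range. The hunk shows only the description, and the `affects` block lies outside it, so whether its version data was updated to match cannot be checked from here.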