From 2424619b433f57267b4e540cad2d02dc68439a41 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 1 Jun 2020 16:01:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12062.json | 66 ++++++++++++++++++++++++++++++---- 2020/13xxx/CVE-2020-13448.json | 56 +++++++++++++++++++++++++---- 2020/13xxx/CVE-2020-13694.json | 56 +++++++++++++++++++++++++---- 2020/13xxx/CVE-2020-13754.json | 18 ++++++++++ 2020/13xxx/CVE-2020-13755.json | 18 ++++++++++ 5 files changed, 196 insertions(+), 18 deletions(-) create mode 100644 2020/13xxx/CVE-2020-13754.json create mode 100644 2020/13xxx/CVE-2020-13755.json diff --git a/2020/12xxx/CVE-2020-12062.json b/2020/12xxx/CVE-2020-12062.json index 67346a6c68d..1910cb49df8 100644 --- a/2020/12xxx/CVE-2020-12062.json +++ b/2020/12xxx/CVE-2020-12062.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12062", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12062", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/05/27/1", + "url": "https://www.openwall.com/lists/oss-security/2020/05/27/1" + }, + { + "refsource": "MISC", + "name": "https://www.openssh.com/txt/release-8.3", + "url": "https://www.openssh.com/txt/release-8.3" + }, + { + "refsource": "MISC", + "name": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1", + "url": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1" } ] } diff --git a/2020/13xxx/CVE-2020-13448.json b/2020/13xxx/CVE-2020-13448.json index f86f1883cba..0057c01c159 100644 --- a/2020/13xxx/CVE-2020-13448.json +++ b/2020/13xxx/CVE-2020-13448.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13448", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13448", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/", + "url": "https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/" } ] } diff --git a/2020/13xxx/CVE-2020-13694.json b/2020/13xxx/CVE-2020-13694.json index b0cb51b6170..083bb3aa483 100644 --- a/2020/13xxx/CVE-2020-13694.json +++ b/2020/13xxx/CVE-2020-13694.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13694", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13694", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/", + "url": "https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/" } ] } diff --git a/2020/13xxx/CVE-2020-13754.json b/2020/13xxx/CVE-2020-13754.json new file mode 100644 index 00000000000..88817e176be --- /dev/null +++ b/2020/13xxx/CVE-2020-13754.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13754", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13755.json b/2020/13xxx/CVE-2020-13755.json new file mode 100644 index 00000000000..0beb8233b19 --- /dev/null +++ b/2020/13xxx/CVE-2020-13755.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13755", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file