From 25e3188ea0cc4cdba52c622170522a2f086dac59 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 27 Nov 2020 17:01:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19873.json | 56 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19874.json | 56 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19875.json | 56 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19876.json | 56 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19877.json | 56 ++++++++++++++++++++++++++++++---- 2019/19xxx/CVE-2019-19878.json | 56 ++++++++++++++++++++++++++++++---- 2020/25xxx/CVE-2020-25834.json | 5 +++ 2020/27xxx/CVE-2020-27745.json | 56 ++++++++++++++++++++++++++++++---- 2020/29xxx/CVE-2020-29361.json | 18 +++++++++++ 2020/29xxx/CVE-2020-29362.json | 18 +++++++++++ 2020/29xxx/CVE-2020-29363.json | 18 +++++++++++ 2020/29xxx/CVE-2020-29364.json | 18 +++++++++++ 2020/7xxx/CVE-2020-7780.json | 32 +++++++++++-------- 13 files changed, 446 insertions(+), 55 deletions(-) create mode 100644 2020/29xxx/CVE-2020-29361.json create mode 100644 2020/29xxx/CVE-2020-29362.json create mode 100644 2020/29xxx/CVE-2020-29363.json create mode 100644 2020/29xxx/CVE-2020-29364.json diff --git a/2019/19xxx/CVE-2019-19873.json b/2019/19xxx/CVE-2019-19873.json index 6fafb22d5ff..2425ba1a848 100644 --- a/2019/19xxx/CVE-2019-19873.json +++ b/2019/19xxx/CVE-2019-19873.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19873", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19873", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf", + "refsource": "MISC", + "name": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19874.json b/2019/19xxx/CVE-2019-19874.json index 856a8dcca68..42c996b1b1d 100644 --- a/2019/19xxx/CVE-2019-19874.json +++ b/2019/19xxx/CVE-2019-19874.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19874", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19874", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf", + "refsource": "MISC", + "name": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19875.json b/2019/19xxx/CVE-2019-19875.json index 896adcd5978..c59360e85c3 100644 --- a/2019/19xxx/CVE-2019-19875.json +++ b/2019/19xxx/CVE-2019-19875.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19875", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19875", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf", + "refsource": "MISC", + "name": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19876.json b/2019/19xxx/CVE-2019-19876.json index a5f7d3d8103..f2704bf4651 100644 --- a/2019/19xxx/CVE-2019-19876.json +++ b/2019/19xxx/CVE-2019-19876.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19876", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19876", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf", + "refsource": "MISC", + "name": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19877.json b/2019/19xxx/CVE-2019-19877.json index b5643404722..9847cd8717e 100644 --- a/2019/19xxx/CVE-2019-19877.json +++ b/2019/19xxx/CVE-2019-19877.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19877", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19877", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf", + "refsource": "MISC", + "name": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19878.json b/2019/19xxx/CVE-2019-19878.json index 1814c0c706e..eba6dd8d0ee 100644 --- a/2019/19xxx/CVE-2019-19878.json +++ b/2019/19xxx/CVE-2019-19878.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19878", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19878", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf", + "refsource": "MISC", + "name": "https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf" } ] } diff --git a/2020/25xxx/CVE-2020-25834.json b/2020/25xxx/CVE-2020-25834.json index 23f34e026c7..09cca7c5cf3 100644 --- a/2020/25xxx/CVE-2020-25834.json +++ b/2020/25xxx/CVE-2020-25834.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600", "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600" + }, + { + "refsource": "MISC", + "name": "https://www.cybereagle.io/blog/cve-2020-25834/", + "url": "https://www.cybereagle.io/blog/cve-2020-25834/" } ] }, diff --git a/2020/27xxx/CVE-2020-27745.json b/2020/27xxx/CVE-2020-27745.json index aacf27dbd56..08e94aac9c1 100644 --- a/2020/27xxx/CVE-2020-27745.json +++ b/2020/27xxx/CVE-2020-27745.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27745", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27745", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.schedmd.com/news.php", + "refsource": "MISC", + "name": "https://www.schedmd.com/news.php" } ] } diff --git a/2020/29xxx/CVE-2020-29361.json b/2020/29xxx/CVE-2020-29361.json new file mode 100644 index 00000000000..4eacb543105 --- /dev/null +++ b/2020/29xxx/CVE-2020-29361.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29362.json b/2020/29xxx/CVE-2020-29362.json new file mode 100644 index 00000000000..c274edc8ca8 --- /dev/null +++ b/2020/29xxx/CVE-2020-29362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29363.json b/2020/29xxx/CVE-2020-29363.json new file mode 100644 index 00000000000..d2443501880 --- /dev/null +++ b/2020/29xxx/CVE-2020-29363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29364.json b/2020/29xxx/CVE-2020-29364.json new file mode 100644 index 00000000000..fb2bb9433dd --- /dev/null +++ b/2020/29xxx/CVE-2020-29364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7780.json b/2020/7xxx/CVE-2020-7780.json index 87065761501..c0dd1e88516 100644 --- a/2020/7xxx/CVE-2020-7780.json +++ b/2020/7xxx/CVE-2020-7780.json @@ -84,28 +84,34 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1045352" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1045352", + "name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1045352" }, { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046654" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046654", + "name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046654" }, { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046655" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046655", + "name": "https://snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046655" }, { - "refsource": "CONFIRM", - "url": "https://github.com/softwaremill/akka-http-session/issues/77" + "refsource": "MISC", + "url": "https://github.com/softwaremill/akka-http-session/issues/77", + "name": "https://github.com/softwaremill/akka-http-session/issues/77" }, { - "refsource": "CONFIRM", - "url": "https://github.com/softwaremill/akka-http-session/issues/74" + "refsource": "MISC", + "url": "https://github.com/softwaremill/akka-http-session/issues/74", + "name": "https://github.com/softwaremill/akka-http-session/issues/74" }, { - "refsource": "CONFIRM", - "url": "https://github.com/softwaremill/akka-http-session/commit/57f11663eecb84be03383d164f655b9c5f953b41" + "refsource": "MISC", + "url": "https://github.com/softwaremill/akka-http-session/commit/57f11663eecb84be03383d164f655b9c5f953b41", + "name": "https://github.com/softwaremill/akka-http-session/commit/57f11663eecb84be03383d164f655b9c5f953b41" } ] }, @@ -113,7 +119,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11.\n For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.\n" + "value": "This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie." } ] },