From 26df5cbfcc6d06f0b057b6618dbaf1983339f531 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 22 Apr 2020 18:01:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/18xxx/CVE-2018-18405.json | 48 ++++++++++++++++++++++- 2018/21xxx/CVE-2018-21127.json | 70 +++++++++++++++++++++++++++++++--- 2018/21xxx/CVE-2018-21128.json | 70 +++++++++++++++++++++++++++++++--- 2018/21xxx/CVE-2018-21129.json | 70 +++++++++++++++++++++++++++++++--- 2018/21xxx/CVE-2018-21130.json | 70 +++++++++++++++++++++++++++++++--- 2020/12xxx/CVE-2020-12066.json | 63 ++++-------------------------- 2020/1xxx/CVE-2020-1967.json | 5 +++ 2020/7xxx/CVE-2020-7055.json | 61 ++++++++++++++++++++++++++--- 2020/8xxx/CVE-2020-8509.json | 2 +- 9 files changed, 370 insertions(+), 89 deletions(-) diff --git a/2018/18xxx/CVE-2018-18405.json b/2018/18xxx/CVE-2018-18405.json index 0bd6e7eafd9..3f6bcbd266f 100644 --- a/2018/18xxx/CVE-2018-18405.json +++ b/2018/18xxx/CVE-2018-18405.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18405", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://br.linkedin.com/in/joas-antonio-dos-santos", + "url": "https://br.linkedin.com/in/joas-antonio-dos-santos" } ] } diff --git a/2018/21xxx/CVE-2018-21127.json b/2018/21xxx/CVE-2018-21127.json index 23675d04feb..721ea299d23 100644 --- a/2018/21xxx/CVE-2018-21127.json +++ b/2018/21xxx/CVE-2018-21127.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2018-21127", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2018-21127", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000060231/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0263", + "url": "https://kb.netgear.com/000060231/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0263" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2018/21xxx/CVE-2018-21128.json b/2018/21xxx/CVE-2018-21128.json index 0dedc0119f7..16e13eca9ff 100644 --- a/2018/21xxx/CVE-2018-21128.json +++ b/2018/21xxx/CVE-2018-21128.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2018-21128", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2018-21128", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000060230/Security-Advisory-for-Authentication-Bypass-on-Some-Wireless-Access-Points-PSV-2018-0264", + "url": "https://kb.netgear.com/000060230/Security-Advisory-for-Authentication-Bypass-on-Some-Wireless-Access-Points-PSV-2018-0264" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2018/21xxx/CVE-2018-21129.json b/2018/21xxx/CVE-2018-21129.json index 95f03ef1187..b65f3eefac4 100644 --- a/2018/21xxx/CVE-2018-21129.json +++ b/2018/21xxx/CVE-2018-21129.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2018-21129", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2018-21129", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000060245/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2018-0266", + "url": "https://kb.netgear.com/000060245/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2018-0266" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2018/21xxx/CVE-2018-21130.json b/2018/21xxx/CVE-2018-21130.json index ed45ecdba04..42e70b42c3f 100644 --- a/2018/21xxx/CVE-2018-21130.json +++ b/2018/21xxx/CVE-2018-21130.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2018-21130", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2018-21130", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000060229/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0267", + "url": "https://kb.netgear.com/000060229/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0267" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12066.json b/2020/12xxx/CVE-2020-12066.json index 6471a63f403..d17bf80135d 100644 --- a/2020/12xxx/CVE-2020-12066.json +++ b/2020/12xxx/CVE-2020-12066.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-12066", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.teeworlds.com/forum/viewtopic.php?id=14785", - "refsource": "MISC", - "name": "https://www.teeworlds.com/forum/viewtopic.php?id=14785" - }, - { - "url": "https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5", - "refsource": "MISC", - "name": "https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2020/1xxx/CVE-2020-1967.json b/2020/1xxx/CVE-2020-1967.json index 10c7f4270b4..b21d5c47ed0 100644 --- a/2020/1xxx/CVE-2020-1967.json +++ b/2020/1xxx/CVE-2020-1967.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?", "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440" } ] } diff --git a/2020/7xxx/CVE-2020-7055.json b/2020/7xxx/CVE-2020-7055.json index 3fae0270607..133e963871a 100644 --- a/2020/7xxx/CVE-2020-7055.json +++ b/2020/7xxx/CVE-2020-7055.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-7055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-7055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://pentest.co.uk/labs/advisory/cve-2020-7055/", + "url": "https://pentest.co.uk/labs/advisory/cve-2020-7055/" + }, + { + "refsource": "MISC", + "name": "https://pentest.co.uk/labs/vulnerability-disclosure-cve-2020-7055/", + "url": "https://pentest.co.uk/labs/vulnerability-disclosure-cve-2020-7055/" } ] } diff --git a/2020/8xxx/CVE-2020-8509.json b/2020/8xxx/CVE-2020-8509.json index ba92873cd69..21c22ef84f7 100644 --- a/2020/8xxx/CVE-2020-8509.json +++ b/2020/8xxx/CVE-2020-8509.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Zoho ManageEngine Desktop Central allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure." + "value": "Zoho ManageEngine Desktop Central 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure." } ] },