diff --git a/2020/10xxx/CVE-2020-10663.json b/2020/10xxx/CVE-2020-10663.json
index 12ed4d6c97d..8f5cfec537e 100644
--- a/2020/10xxx/CVE-2020-10663.json
+++ b/2020/10xxx/CVE-2020-10663.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10663",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10663",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/",
+ "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11014.json b/2020/11xxx/CVE-2020-11014.json
index cc2d293d184..a73c73cc20d 100644
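Review bot: The structured fields of the now-PUBLIC CVE-2020-10663 record carry no usable data: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `"n/a"`, while the affected product and ranges (JSON gem through 2.2.0; Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, 2.6 through 2.6.5) appear only in the free-text `description`. Tooling that matches on `affects` instead of parsing prose will not tie this record to an installed gem, so the `affects` block would be better populated from the description, for example `"product_name": "JSON gem"` and `"version_value": "through 2.2.0"`, with a weakness class in `problemtype`. The same applies to the CVE-2020-12102 and CVE-2020-12438 hunks, whose descriptions name Tiny File Manager 2.4.1 (path traversal) and PHP-Fusion 9.03.50 (XSS) while every structured field is `"n/a"`.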
--- a/2020/11xxx/CVE-2020-11014.json
+++ b/2020/11xxx/CVE-2020-11014.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Electron-Cash-SLP before version 3.6.2 has a vulnerability.\nAll token creators that use the \"Mint Tool\" feature of the Electron Cash SLP Edition are at risk of sending the minting\nauthority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability\nto issue new tokens or permanently destroy future minting capability.\n\nThis is fixed version 3.6.2."
+ "value": "Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the \"Mint Tool\" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability to issue new tokens or permanently destroy future minting capability. This is fixed version 3.6.2."
 }
 ]
 },
@@ -95,4 +95,4 @@
 "advisory": "GHSA-cchm-grx2-g873",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12102.json b/2020/12xxx/CVE-2020-12102.json
index 28dfbb42912..11961e92f2f 100644
--- a/2020/12xxx/CVE-2020-12102.json
+++ b/2020/12xxx/CVE-2020-12102.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12102",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12102",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.quantumleap.it/news/advisory/",
+ "refsource": "MISC",
+ "name": "https://www.quantumleap.it/news/advisory/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/",
+ "url": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12432.json b/2020/12xxx/CVE-2020-12432.json
new file mode 100644
index 00000000000..11cec20f26a
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12432.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12432",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12433.json b/2020/12xxx/CVE-2020-12433.json
new file mode 100644
index 00000000000..692cda8e922
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12433.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12433",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12434.json b/2020/12xxx/CVE-2020-12434.json
new file mode 100644
index 00000000000..8b8c6e0366e
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12434.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12434",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12435.json b/2020/12xxx/CVE-2020-12435.json
new file mode 100644
index 00000000000..dd4cd6f0714
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12435.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12435",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12436.json b/2020/12xxx/CVE-2020-12436.json
new file mode 100644
index 00000000000..b2128c7148f
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12436.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12436",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12437.json b/2020/12xxx/CVE-2020-12437.json
new file mode 100644
index 00000000000..02b1af5678d
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12437.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12437",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12438.json b/2020/12xxx/CVE-2020-12438.json
new file mode 100644
index 00000000000..25f23e2a218
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12438.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-12438",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/php-fusion/PHP-Fusion/commit/c36006f900d855f1173f81cea1a774295049f4d8",
+ "refsource": "MISC",
+ "name": "https://github.com/php-fusion/PHP-Fusion/commit/c36006f900d855f1173f81cea1a774295049f4d8"
+ },
+ {
+ "url": "https://github.com/php-fusion/PHP-Fusion/issues/2307",
+ "refsource": "MISC",
+ "name": "https://github.com/php-fusion/PHP-Fusion/issues/2307"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12439.json b/2020/12xxx/CVE-2020-12439.json
new file mode 100644
index 00000000000..50d123a8584
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12439.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12439",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file