From 2fa71d7eb217c75dacb5eb5ac40af7e1c19281b5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 28 Feb 2020 20:01:12 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/21xxx/CVE-2018-21035.json | 18 +++++++++
 2019/15xxx/CVE-2019-15126.json | 5 +++
 2019/15xxx/CVE-2019-15609.json | 62 +++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19865.json | 2 +-
 2019/19xxx/CVE-2019-19943.json | 56 +++++++++++++++++++++++---
 2020/8xxx/CVE-2020-8127.json | 50 +++++++++++++++++++++--
 2020/8xxx/CVE-2020-8131.json | 7 +++-
 2020/8xxx/CVE-2020-8132.json | 50 +++++++++++++++++++++--
 2020/9xxx/CVE-2020-9465.json | 67 +++++++++++++++++++++++++++++++
 2020/9xxx/CVE-2020-9466.json | 72 ++++++++++++++++++++++++++++++++++
 2020/9xxx/CVE-2020-9467.json | 18 +++++++++
 2020/9xxx/CVE-2020-9468.json | 18 +++++++++
 12 files changed, 411 insertions(+), 14 deletions(-)
 create mode 100644 2018/21xxx/CVE-2018-21035.json
 create mode 100644 2019/15xxx/CVE-2019-15609.json
 create mode 100644 2020/9xxx/CVE-2020-9465.json
 create mode 100644 2020/9xxx/CVE-2020-9466.json
 create mode 100644 2020/9xxx/CVE-2020-9467.json
 create mode 100644 2020/9xxx/CVE-2020-9468.json
diff --git a/2018/21xxx/CVE-2018-21035.json b/2018/21xxx/CVE-2018-21035.json
new file mode 100644
index 00000000000..83118d5d483
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21035.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-21035",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15126.json b/2019/15xxx/CVE-2019-15126.json
index 51a7c8ebf05..fd70be8e397 100644
--- a/2019/15xxx/CVE-2019-15126.json
+++ b/2019/15xxx/CVE-2019-15126.json
@@ -81,6 +81,11 @@
 "refsource": "CONFIRM",
 "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en",
 "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/",
+ "url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15609.json b/2019/15xxx/CVE-2019-15609.json
new file mode 100644
index 00000000000..9b2559e602b
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15609.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15609",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kill-port-process",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection - Generic (CWE-77)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/661959",
+ "url": "https://hackerone.com/reports/661959"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19865.json b/2019/19xxx/CVE-2019-19865.json
index 0896b1d52f3..e48aaa0e3c9 100644
--- a/2019/19xxx/CVE-2019-19865.json
+++ b/2019/19xxx/CVE-2019-19865.json
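Review bot: In CVE-2019-15609.json, `version_value` holds the free-text string `"Fixed in 2.2.0"` rather than an affected version or range, so a scanner that compares installed versions against this field has nothing it can match; the description's `< 2.2.0` is the only place the affected range is stated. Encode the range in the structured field, for example `"version_value": "< 2.2.0"` (a `version_affected` qualifier could carry the operator if the consuming schema accepts it), and replace the `n/a` in `vendor_name` if the maintainer is known. The same pattern appears in this commit in CVE-2020-8127.json (`"Fixed version: 3.9.2"`) and CVE-2020-8132.json (`"Not Fixed"`, which will also go stale once a fix ships).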
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload."
+ "value": "Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload."
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19943.json b/2019/19xxx/CVE-2019-19943.json
index 7b90332a564..d71734d8555 100644
--- a/2019/19xxx/CVE-2019-19943.json
+++ b/2019/19xxx/CVE-2019-19943.json
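Review bot: The CVE-2019-19865 description now names a different product and version bounds (UC Application V9 before V9 R4.31.0 and V10 before V10 R0.6.0), but this hunk touches only the free-text `value`; the record's `affects` block lies outside the hunk, so it cannot be confirmed here that the product and version fields were updated to match. If they still carry the old "UC Web Client 1.0" naming, tooling that keys on the structured fields will disagree with the description. The second hunk of CVE-2020-8131.json has the same shape: the text moves from "1.21.1 and earlier" to "before 1.22.0" with `affects` not visible.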
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19943",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19943",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "48111",
+ "url": "https://www.exploit-db.com/exploits/48111"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8127.json b/2020/8xxx/CVE-2020-8127.json
index 532b39cc9d3..e847e9fc90a 100644
--- a/2020/8xxx/CVE-2020-8127.json
+++ b/2020/8xxx/CVE-2020-8127.json
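Review bot: CVE-2019-19943 goes PUBLIC with `product_name`, `vendor_name`, `version_value` and the `problemtype` value all set to `n/a`, although the description names the product (Pablo Quick 'n Easy Web Server 3.3.8) and the weakness (heap memory corruption through a double free). Consumers that match on structured fields get no product, version or CWE from this record; filling them in, for example a problemtype of `CWE-415 Double Free`, would make it usable for automated triage. The only reference is an EXPLOIT-DB entry and no vendor advisory or fixed version is listed, so downstream users should probably treat the issue as unpatched until one is added. CVE-2020-9465.json (SQL injection) and CVE-2020-9466.json (CSV injection) in this commit publish with the same `n/a` product and problemtype fields.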
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8127",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "reveal.js",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed version: 3.9.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - DOM (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/691977",
+ "url": "https://hackerone.com/reports/691977"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8131.json b/2020/8xxx/CVE-2020-8131.json
index 4f1be668b80..09352339a5c 100644
--- a/2020/8xxx/CVE-2020-8131.json
+++ b/2020/8xxx/CVE-2020-8131.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://hackerone.com/reports/730239",
 "url": "https://hackerone.com/reports/730239"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/yarnpkg/yarn/pull/7831",
+ "url": "https://github.com/yarnpkg/yarn/pull/7831"
 }
 ]
 },
@@ -55,7 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package."
+ "value": "Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8132.json b/2020/8xxx/CVE-2020-8132.json
index 902927ae47f..8ecee2803c2 100644
--- a/2020/8xxx/CVE-2020-8132.json
+++ b/2020/8xxx/CVE-2020-8132.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8132",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "pdf-image",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not Fixed"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection (CWE-94)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/781664",
+ "url": "https://hackerone.com/reports/781664"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9465.json b/2020/9xxx/CVE-2020-9465.json
new file mode 100644
index 00000000000..9295be7fa8b
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9465.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9465",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/51",
+ "refsource": "MISC",
+ "name": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/51"
+ },
+ {
+ "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-3",
+ "refsource": "MISC",
+ "name": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9466.json b/2020/9xxx/CVE-2020-9466.json
new file mode 100644
index 00000000000..4211e3befbb
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9466.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9466",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/10094",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/10094"
+ },
+ {
+ "url": "https://www.getastra.com/blog/911/plugin-exploit/csv-injection-in-export-users-to-csv-wordpress-plugin/",
+ "refsource": "MISC",
+ "name": "https://www.getastra.com/blog/911/plugin-exploit/csv-injection-in-export-users-to-csv-wordpress-plugin/"
+ },
+ {
+ "url": "https://www.jinsonvarghese.com/csv-injection-in-export-users-to-csv-plugin/",
+ "refsource": "MISC",
+ "name": "https://www.jinsonvarghese.com/csv-injection-in-export-users-to-csv-plugin/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9467.json b/2020/9xxx/CVE-2020-9467.json
new file mode 100644
index 00000000000..279fd233f77
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9467.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9467",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9468.json b/2020/9xxx/CVE-2020-9468.json
new file mode 100644
index 00000000000..38aa182d224
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9468.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9468",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file