diff --git a/2020/10xxx/CVE-2020-10018.json b/2020/10xxx/CVE-2020-10018.json
index 4d9b8583edd..d9beec536f5 100644
--- a/2020/10xxx/CVE-2020-10018.json
+++ b/2020/10xxx/CVE-2020-10018.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-f25793aac4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4310-1",
+ "url": "https://usn.ubuntu.com/4310-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11498.json b/2020/11xxx/CVE-2020-11498.json
new file mode 100644
index 00000000000..2bfc8ec0f42
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11498.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-11498",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this \"requires a high degree of access and other preconditions that are tough to achieve.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/slackhq/nebula/pull/191",
+ "refsource": "MISC",
+ "name": "https://github.com/slackhq/nebula/pull/191"
+ },
+ {
+ "url": "http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosure",
+ "refsource": "MISC",
+ "name": "http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosure"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11499.json b/2020/11xxx/CVE-2020-11499.json
new file mode 100644
index 00000000000..29191ec9e2e
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11499.json
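Review bot: In CVE-2020-11498.json the `affects` tree sets `product_name`, `vendor_name` and `version_value` to `"n/a"` even though the description names Slack Nebula through 1.1.0, so tooling that matches on the structured fields instead of the prose will not tie this record to the product. `problemtype` is likewise `"n/a"` while the description calls it a relative path vulnerability. I would fill in at least `"product_name": "Nebula"` and `"vendor_name": "Slack"`, and a CWE in `problemtype` once one is chosen. The same `"n/a"` placeholders appear in CVE-2020-11499.json, which names FACT 3 only in its description.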
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-11499",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fkie-cad/FACT_core/issues/375",
+ "refsource": "MISC",
+ "name": "https://github.com/fkie-cad/FACT_core/issues/375"
+ },
+ {
+ "url": "https://github.com/fkie-cad/FACT_core/pull/376",
+ "refsource": "MISC",
+ "name": "https://github.com/fkie-cad/FACT_core/pull/376"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:N/I:L/PR:N/S:U/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
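Review bot: In CVE-2020-11499.json the `vectorString` lists its metrics alphabetically (`AC:L/AV:L/A:N/...`) rather than in the order the CVSS specification prefers, and the `cvss` block carries no base score or severity, so every consumer has to parse the vector and compute the score itself; a strict vector parser may not accept the unordered form. I would write it as `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"`, which keeps the same metric values. Separately, `scope` is `UNCHANGED` for a stored XSS, where the impact usually lands in the victim's browser rather than in the vulnerable component, so it is worth confirming that `S:U` is intended.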