From 335591e5bae72a842e3a5162e2d1c688625f9423 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 10 Nov 2020 18:01:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/27xxx/CVE-2020-27146.json | 178 ++++++++++++++++-----------------
 2020/27xxx/CVE-2020-27403.json | 71 +++++++++++--
 2020/28xxx/CVE-2020-28055.json | 68 ++++++++++++-
 2020/28xxx/CVE-2020-28375.json | 18 ++++
 2020/28xxx/CVE-2020-28376.json | 18 ++++
 2020/28xxx/CVE-2020-28377.json | 18 ++++
 2020/28xxx/CVE-2020-28378.json | 18 ++++
 2020/28xxx/CVE-2020-28379.json | 18 ++++
 2020/28xxx/CVE-2020-28380.json | 18 ++++
 9 files changed, 328 insertions(+), 97 deletions(-)
 create mode 100644 2020/28xxx/CVE-2020-28375.json
 create mode 100644 2020/28xxx/CVE-2020-28376.json
 create mode 100644 2020/28xxx/CVE-2020-28377.json
 create mode 100644 2020/28xxx/CVE-2020-28378.json
 create mode 100644 2020/28xxx/CVE-2020-28379.json
 create mode 100644 2020/28xxx/CVE-2020-28380.json
diff --git a/2020/27xxx/CVE-2020-27146.json b/2020/27xxx/CVE-2020-27146.json
index 8a8b1bdf9d8..85877fedf30 100644
--- a/2020/27xxx/CVE-2020-27146.json
+++ b/2020/27xxx/CVE-2020-27146.json
@@ -1,90 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@tibco.com",
- "DATE_PUBLIC": "2020-11-10T17:00:00Z",
- "ID": "CVE-2020-27146",
- "STATE": "PUBLIC",
- "TITLE": "TIBCO iProcess Workspace Browser CSRF"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "TIBCO iProcess Workspace (Browser)",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_value": "11.6.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "TIBCO Software Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker.\n\nAffected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.\n"
- }
- ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
- "version": "3.0"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to some of the data in the affected system."
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "http://www.tibco.com/services/support/advisories",
- "refsource": "CONFIRM",
- "url": "http://www.tibco.com/services/support/advisories"
- }
- ]
- },
- "solution": [
- {
- "lang": "eng",
- "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to version 11.8.0 or higher"
- }
- ],
- "source": {
- "discovery": "INTERNAL"
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "security@tibco.com",
+ "DATE_PUBLIC": "2020-11-10T17:00:00Z",
+ "ID": "CVE-2020-27146",
+ "STATE": "PUBLIC",
+ "TITLE": "TIBCO iProcess Workspace Browser CSRF"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TIBCO iProcess Workspace (Browser)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "11.6.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "TIBCO Software Inc."
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to some of the data in the affected system."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.tibco.com/services/support/advisories",
+ "refsource": "CONFIRM",
+ "url": "http://www.tibco.com/services/support/advisories"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to version 11.8.0 or higher"
+ }
+ ],
+ "source": {
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27403.json b/2020/27xxx/CVE-2020-27403.json
index db2f9bd88a8..b2ef8fa9982 100644
--- a/2020/27xxx/CVE-2020-27403.json
+++ b/2020/27xxx/CVE-2020-27403.json
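Review bot: In the `impact.cvss` object of CVE-2020-27146.json the `vectorString` begins with `CVSS:3.1/` while the sibling `version` field says `"3.0"`, and this re-indent carries the mismatch over unchanged. A consumer that reads `version` will label the vector under the wrong specification revision, so the two should agree, e.g. `"version": "3.1"`. The `problemtype` value is an impact sentence rather than a weakness class; for a CSRF issue a value such as `CWE-352` would let tooling classify the record. The only reference is a generic advisories index served over `http://`, so it does not point a reader at the specific advisory.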
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27403",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27403",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sickcodes",
+ "refsource": "MISC",
+ "name": "https://github.com/sickcodes"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-009.md",
+ "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-009.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sick.codes/sick-2020-009",
+ "url": "https://sick.codes/sick-2020-009"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/",
+ "url": "https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28055.json b/2020/28xxx/CVE-2020-28055.json
index c18d77daa10..e5c9262d977 100644
--- a/2020/28xxx/CVE-2020-28055.json
+++ b/2020/28xxx/CVE-2020-28055.json
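Review bot: The `affects` block added to CVE-2020-27403.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, although the new description names the vendor (TCL Technology Group Corporation) and the affected builds (V8-R851T02-LF1 V295 and below, V8-T658T01-LF1 V373 and below). Asset-matching and scanner feeds that read only the structured fields will therefore not associate this record with those TVs. The fields should be populated from the description, e.g. `"vendor_name": "TCL Technology Group Corporation"`, and the `"n/a"` problemtype replaced with a weakness class. The same applies to the `affects` and `problemtype` blocks added in CVE-2020-28055.json. The first reference, `https://github.com/sickcodes`, is a profile page rather than an advisory and adds nothing beyond the SICK-2020-009 links that follow it.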
@@ -5,13 +5,77 @@
 "CVE_data_meta": {
 "ID": "CVE-2020-28055",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://twitter.com/sickcodes/",
+ "url": "https://twitter.com/sickcodes/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://twitter.com/johnjhacking/",
+ "url": "https://twitter.com/johnjhacking/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/",
+ "url": "https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-012.md",
+ "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-012.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sick.codes/sick-2020-012",
+ "url": "https://sick.codes/sick-2020-012"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder."
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28375.json b/2020/28xxx/CVE-2020-28375.json
new file mode 100644
index 00000000000..7e940b42aff
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28375.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28375",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28376.json b/2020/28xxx/CVE-2020-28376.json
new file mode 100644
index 00000000000..de03aff95f9
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28376.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28376",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
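Review bot: The new description in CVE-2020-28055.json spells the writable upgrade directory two ways, `/data/vendor/upgrade` in the directory list and `/data/vendor/upgrage` in the final sentence. A defender who copies the path into a file-integrity rule or a firmware-image search gets a different result depending on which sentence they read, so the spelling should be confirmed against the SICK-2020-012 advisory and used in both places. Two of the five references are Twitter profile URLs, which document nothing about the issue; the advisory links already listed are the ones a reader needs.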
diff --git a/2020/28xxx/CVE-2020-28377.json b/2020/28xxx/CVE-2020-28377.json
new file mode 100644
index 00000000000..00e0776d9f8
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28377.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28377",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28378.json b/2020/28xxx/CVE-2020-28378.json
new file mode 100644
index 00000000000..8f4e6268217
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28378.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28378",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28379.json b/2020/28xxx/CVE-2020-28379.json
new file mode 100644
index 00000000000..4dd4e86b76c
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28379.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28379",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28380.json b/2020/28xxx/CVE-2020-28380.json
new file mode 100644
index 00000000000..32e8decae81
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28380.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28380",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file