From 48adc6a75b25a65615a3ae4b010dcab5743ddffd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 3 Sep 2020 17:01:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17638.json | 5 +++ 2020/23xxx/CVE-2020-23811.json | 56 +++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23814.json | 61 ++++++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24158.json | 56 +++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24159.json | 56 +++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24160.json | 56 +++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24161.json | 56 +++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24162.json | 56 +++++++++++++++++++++++++++---- 2020/24xxx/CVE-2020-24876.json | 56 +++++++++++++++++++++++++++---- 2020/25xxx/CVE-2020-25102.json | 61 ++++++++++++++++++++++++++++++---- 2020/25xxx/CVE-2020-25114.json | 18 ++++++++++ 11 files changed, 483 insertions(+), 54 deletions(-) create mode 100644 2020/25xxx/CVE-2020-25114.json diff --git a/2019/17xxx/CVE-2019-17638.json b/2019/17xxx/CVE-2019-17638.json index 923edf91aef..f8e5c29fcaa 100644 --- a/2019/17xxx/CVE-2019-17638.json +++ b/2019/17xxx/CVE-2019-17638.json @@ -74,6 +74,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-cf8ef2f333", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/" + }, + { + "refsource": "MLIST", + "name": "[pulsar-commits] 20200903 [GitHub] [pulsar] guyv opened a new issue #7970: pulsar-client vulnerability CVE-2019-17638", + "url": "https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318@%3Ccommits.pulsar.apache.org%3E" } ] } diff --git a/2020/23xxx/CVE-2020-23811.json b/2020/23xxx/CVE-2020-23811.json index 9618db1f5ab..458e8d8778a 100644 --- a/2020/23xxx/CVE-2020-23811.json +++ b/2020/23xxx/CVE-2020-23811.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23811", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23811", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ccsq8.com/issues.html", + "refsource": "MISC", + "name": "https://www.ccsq8.com/issues.html" } ] } diff --git a/2020/23xxx/CVE-2020-23814.json b/2020/23xxx/CVE-2020-23814.json index 486ab7b9802..2c511b8ff26 100644 --- a/2020/23xxx/CVE-2020-23814.json +++ b/2020/23xxx/CVE-2020-23814.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23814", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23814", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.ccsq8.com/issues.html", + "url": "https://www.ccsq8.com/issues.html" + }, + { + "url": "https://github.com/xuxueli/xxl-job/issues/1866", + "refsource": "MISC", + "name": "https://github.com/xuxueli/xxl-job/issues/1866" } ] } diff --git a/2020/24xxx/CVE-2020-24158.json b/2020/24xxx/CVE-2020-24158.json index 847f52ec57f..d6f5aef43b9 100644 --- a/2020/24xxx/CVE-2020-24158.json +++ b/2020/24xxx/CVE-2020-24158.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24158", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24158", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cnvd.org.cn/flaw/show/2105401", + "refsource": "MISC", + "name": "https://www.cnvd.org.cn/flaw/show/2105401" } ] } diff --git a/2020/24xxx/CVE-2020-24159.json b/2020/24xxx/CVE-2020-24159.json index d49557ecddd..6b593ec07ee 100644 --- a/2020/24xxx/CVE-2020-24159.json +++ b/2020/24xxx/CVE-2020-24159.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24159", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24159", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cnvd.org.cn/flaw/show/2104833", + "refsource": "MISC", + "name": "https://www.cnvd.org.cn/flaw/show/2104833" } ] } diff --git a/2020/24xxx/CVE-2020-24160.json b/2020/24xxx/CVE-2020-24160.json index f57fe45dc8f..146b930fafe 100644 --- a/2020/24xxx/CVE-2020-24160.json +++ b/2020/24xxx/CVE-2020-24160.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24160", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24160", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cnvd.org.cn/flaw/show/2105395", + "refsource": "MISC", + "name": "https://www.cnvd.org.cn/flaw/show/2105395" } ] } diff --git a/2020/24xxx/CVE-2020-24161.json b/2020/24xxx/CVE-2020-24161.json index 45d904da46d..43613580a5f 100644 --- a/2020/24xxx/CVE-2020-24161.json +++ b/2020/24xxx/CVE-2020-24161.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24161", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24161", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cnvd.org.cn/flaw/show/2105403", + "refsource": "MISC", + "name": "https://www.cnvd.org.cn/flaw/show/2105403" } ] } diff --git a/2020/24xxx/CVE-2020-24162.json b/2020/24xxx/CVE-2020-24162.json index f6e7033755f..314780cbf5a 100644 --- a/2020/24xxx/CVE-2020-24162.json +++ b/2020/24xxx/CVE-2020-24162.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24162", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24162", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cnvd.org.cn/flaw/show/2105399", + "refsource": "MISC", + "name": "https://www.cnvd.org.cn/flaw/show/2105399" } ] } diff --git a/2020/24xxx/CVE-2020-24876.json b/2020/24xxx/CVE-2020-24876.json index b98843cadb7..125141f170e 100644 --- a/2020/24xxx/CVE-2020-24876.json +++ b/2020/24xxx/CVE-2020-24876.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24876", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24876", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.pancakeapp.com/blog/entry/pancake-4.13.29-released", + "refsource": "MISC", + "name": "https://www.pancakeapp.com/blog/entry/pancake-4.13.29-released" } ] } diff --git a/2020/25xxx/CVE-2020-25102.json b/2020/25xxx/CVE-2020-25102.json index 44663a10a68..049175f8018 100644 --- a/2020/25xxx/CVE-2020-25102.json +++ b/2020/25xxx/CVE-2020-25102.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25102", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25102", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nyeholt/silverstripe-advancedreports/releases", + "refsource": "MISC", + "name": "https://github.com/nyeholt/silverstripe-advancedreports/releases" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/ahpaleus/c3bd2d41d306544ca3158569335d12f2", + "url": "https://gist.github.com/ahpaleus/c3bd2d41d306544ca3158569335d12f2" } ] } diff --git a/2020/25xxx/CVE-2020-25114.json b/2020/25xxx/CVE-2020-25114.json new file mode 100644 index 00000000000..c9904ac4d16 --- /dev/null +++ b/2020/25xxx/CVE-2020-25114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-25114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file