From 4973e150d6548cd116e06010bb9078c3c7c8b09b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 May 2020 17:01:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19454.json | 56 ++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19456.json | 56 ++++++++++++++++++++++++--- 2020/13xxx/CVE-2020-13135.json | 62 +++++++++++++++++++++++++++++ 2020/13xxx/CVE-2020-13136.json | 62 +++++++++++++++++++++++++++++ 2020/13xxx/CVE-2020-13137.json | 18 +++++++++ 2020/13xxx/CVE-2020-13138.json | 18 +++++++++ 2020/13xxx/CVE-2020-13139.json | 18 +++++++++ 2020/13xxx/CVE-2020-13140.json | 18 +++++++++ 2020/13xxx/CVE-2020-13141.json | 18 +++++++++ 2020/13xxx/CVE-2020-13142.json | 18 +++++++++ 2020/6xxx/CVE-2020-6074.json | 50 ++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6092.json | 50 ++++++++++++++++++++++-- 2020/6xxx/CVE-2020-6093.json | 50 ++++++++++++++++++++++-- 2020/8xxx/CVE-2020-8034.json | 71 +++++++++++++++++++++++++++++++--- 14 files changed, 538 insertions(+), 27 deletions(-) create mode 100644 2020/13xxx/CVE-2020-13135.json create mode 100644 2020/13xxx/CVE-2020-13136.json create mode 100644 2020/13xxx/CVE-2020-13137.json create mode 100644 2020/13xxx/CVE-2020-13138.json create mode 100644 2020/13xxx/CVE-2020-13139.json create mode 100644 2020/13xxx/CVE-2020-13140.json create mode 100644 2020/13xxx/CVE-2020-13141.json create mode 100644 2020/13xxx/CVE-2020-13142.json diff --git a/2019/19xxx/CVE-2019-19454.json b/2019/19xxx/CVE-2019-19454.json index 73cda72d71f..3d8fe66f2d9 100644 --- a/2019/19xxx/CVE-2019-19454.json +++ b/2019/19xxx/CVE-2019-19454.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19454", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19454", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file download was found in the \"Download Log\" functionality of Wowza Streaming Engine <= 4.x.x" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/it/innovazione/servizi-digitali/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/it/innovazione/servizi-digitali/cybersecurity/red-team.html" } ] } diff --git a/2019/19xxx/CVE-2019-19456.json b/2019/19xxx/CVE-2019-19456.json index d5442c54156..0e6f0b971b7 100644 --- a/2019/19xxx/CVE-2019-19456.json +++ b/2019/19xxx/CVE-2019-19456.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19456", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19456", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/it/innovazione/servizi-digitali/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/it/innovazione/servizi-digitali/cybersecurity/red-team.html" } ] } diff --git a/2020/13xxx/CVE-2020-13135.json b/2020/13xxx/CVE-2020-13135.json new file mode 100644 index 00000000000..49829260dd4 --- /dev/null +++ b/2020/13xxx/CVE-2020-13135.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-13135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172", + "refsource": "MISC", + "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172" + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13136.json b/2020/13xxx/CVE-2020-13136.json new file mode 100644 index 00000000000..f195b335154 --- /dev/null +++ b/2020/13xxx/CVE-2020-13136.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-13136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172", + "refsource": "MISC", + "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172" + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13137.json b/2020/13xxx/CVE-2020-13137.json new file mode 100644 index 00000000000..c9460971e42 --- /dev/null +++ b/2020/13xxx/CVE-2020-13137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13138.json b/2020/13xxx/CVE-2020-13138.json new file mode 100644 index 00000000000..b6c0c2f2b38 --- /dev/null +++ b/2020/13xxx/CVE-2020-13138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13139.json b/2020/13xxx/CVE-2020-13139.json new file mode 100644 index 00000000000..26a7ba0ef9d --- /dev/null +++ b/2020/13xxx/CVE-2020-13139.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13140.json b/2020/13xxx/CVE-2020-13140.json new file mode 100644 index 00000000000..659097737d2 --- /dev/null +++ b/2020/13xxx/CVE-2020-13140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13141.json b/2020/13xxx/CVE-2020-13141.json new file mode 100644 index 00000000000..3a6019def1f --- /dev/null +++ b/2020/13xxx/CVE-2020-13141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13142.json b/2020/13xxx/CVE-2020-13142.json new file mode 100644 index 00000000000..ace199a167a --- /dev/null +++ b/2020/13xxx/CVE-2020-13142.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6074.json b/2020/6xxx/CVE-2020-6074.json index 6ffd1f7a541..67a6c5e0721 100644 --- a/2020/6xxx/CVE-2020-6074.json +++ b/2020/6xxx/CVE-2020-6074.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6074", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nitro Pro", + "version": { + "version_data": [ + { + "version_value": "Nitro Pro 13.9.1.155" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0997", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0997" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2020/6xxx/CVE-2020-6092.json b/2020/6xxx/CVE-2020-6092.json index 8e4efaaab63..cf8ae140495 100644 --- a/2020/6xxx/CVE-2020-6092.json +++ b/2020/6xxx/CVE-2020-6092.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nitro Pro", + "version": { + "version_data": [ + { + "version_value": "Nitro Pro 13.9.1.155" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1013", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1013" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file." } ] } diff --git a/2020/6xxx/CVE-2020-6093.json b/2020/6xxx/CVE-2020-6093.json index faa31eec865..7a81a50fb76 100644 --- a/2020/6xxx/CVE-2020-6093.json +++ b/2020/6xxx/CVE-2020-6093.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nitro Pro", + "version": { + "version_data": [ + { + "version_value": "Nitro Pro 13.9.1.155" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1014", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1014" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file." } ] } diff --git a/2020/8xxx/CVE-2020-8034.json b/2020/8xxx/CVE-2020-8034.json index 888eab814ac..6e9c7b07df6 100644 --- a/2020/8xxx/CVE-2020-8034.json +++ b/2020/8xxx/CVE-2020-8034.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8034", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8034", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/horde/gollem/commits/master", + "refsource": "MISC", + "name": "https://github.com/horde/gollem/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.horde.org/archives/gollem/Week-of-Mon-20200420/001990.html", + "url": "https://lists.horde.org/archives/gollem/Week-of-Mon-20200420/001990.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/horde/gollem/blob/95b2a4212d734f1b27aaa7a221d2fa1370d2631f/docs/CHANGES", + "url": "https://github.com/horde/gollem/blob/95b2a4212d734f1b27aaa7a221d2fa1370d2631f/docs/CHANGES" + }, + { + "refsource": "MISC", + "name": "https://lists.horde.org/archives/announce/2020/001289.html", + "url": "https://lists.horde.org/archives/announce/2020/001289.html" } ] }