diff --git a/2018/12xxx/CVE-2018-12754.json b/2018/12xxx/CVE-2018-12754.json
index 8bcdc40a493..1d21d066994 100644
--- a/2018/12xxx/CVE-2018-12754.json
+++ b/2018/12xxx/CVE-2018-12754.json
@@ -66,6 +66,11 @@
 "name": "104701",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/104701"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/50-adobe-cves-in-50-days/",
+ "url": "https://research.checkpoint.com/50-adobe-cves-in-50-days/"
 }
 ]
 }
diff --git a/2018/12xxx/CVE-2018-12755.json b/2018/12xxx/CVE-2018-12755.json
index f524d09af87..c9d8d403c98 100644
--- a/2018/12xxx/CVE-2018-12755.json
+++ b/2018/12xxx/CVE-2018-12755.json
@@ -66,6 +66,11 @@
 "name": "104701",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/104701"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/",
+ "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/"
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13313.json b/2018/13xxx/CVE-2018-13313.json
index 7f8bed9fdad..69a2f3d0a47 100644
--- a/2018/13xxx/CVE-2018-13313.json
+++ b/2018/13xxx/CVE-2018-13313.json
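Review bot: The reference added to CVE-2018-12754.json uses `https://research.checkpoint.com/50-adobe-cves-in-50-days/`, while the same Check Point reference added to CVE-2018-12755, CVE-2018-5068, CVE-2018-5069 and CVE-2018-5070 in this commit carries a `/2018/` path segment. One of the two forms is presumably stale or a redirect; confirm which one resolves and use it in both the `name` and `url` fields, e.g. `"url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/"`. Consumers that deduplicate or group CVE records by reference URL will otherwise treat this entry as citing a different source.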
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-13313",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-13313",
+ "ASSIGNER": "cve@mitre.org",
+ "TITLE": "Admin Password returned in password.htm",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154",
+ "refsource": "MISC",
+ "name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
+ },
+ {
+ "url": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user\u2019s password in plaintext."
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14705.json b/2018/14xxx/CVE-2018-14705.json
index 743661a0225..cd671b11fe9 100644
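Review bot: The `affects` block added for CVE-2018-13313 leaves `vendor_name`, `product_name` and `version_value` as `n/a` even though the new description names TOTOLINK A3002RU 1.0.8, so tooling that matches on the structured fields rather than on free text will not associate this record with the product. If the submission format allows it, populate them from the description: `"vendor_name": "TOTOLINK"`, `"product_name": "A3002RU"`, `"version_value": "1.0.8"`. The same gap appears in the hunks for CVE-2018-14705, CVE-2019-12510 through CVE-2019-12513, CVE-2019-17228, CVE-2019-17229 and CVE-2020-9374, and `problemtype` is likewise `n/a` in each although the titles and descriptions state the weakness class.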
--- a/2018/14xxx/CVE-2018-14705.json
+++ b/2018/14xxx/CVE-2018-14705.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-14705",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-14705",
+ "ASSIGNER": "cve@mitre.org",
+ "TITLE": "Lack of Authentication/Authorization on Administrative Web Pages",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc",
+ "refsource": "MISC",
+ "name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc"
+ },
+ {
+ "url": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself."
 }
 ]
 }
diff --git a/2018/2xxx/CVE-2018-2799.json b/2018/2xxx/CVE-2018-2799.json
index a947ae7c416..eaffc9f56a3 100644
--- a/2018/2xxx/CVE-2018-2799.json
+++ b/2018/2xxx/CVE-2018-2799.json
@@ -200,6 +200,11 @@
 "refsource": "MLIST",
 "name": "[xmlgraphics-fop-dev] 20191018 [jira] [Created] (FOP-2885) Security Vulnerability with Xerces version <= 2.11",
 "url": "https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d@%3Cfop-dev.xmlgraphics.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[spark-user] 20200224 [SPARK Dependencies] Security Vulnerability with Xerces version < 2.12",
+ "url": "https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307@%3Cuser.spark.apache.org%3E"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5068.json b/2018/5xxx/CVE-2018-5068.json
index 059ac74bfeb..e9de5a8816d 100644
--- a/2018/5xxx/CVE-2018-5068.json
+++ b/2018/5xxx/CVE-2018-5068.json
@@ -66,6 +66,11 @@
 "name": "1041250",
 "refsource": "SECTRACK",
 "url": "http://www.securitytracker.com/id/1041250"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/",
+ "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5069.json b/2018/5xxx/CVE-2018-5069.json
index 442f9b1dc62..dbe6ff40941 100644
--- a/2018/5xxx/CVE-2018-5069.json
+++ b/2018/5xxx/CVE-2018-5069.json
@@ -66,6 +66,11 @@
 "name": "104701",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/104701"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/",
+ "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5070.json b/2018/5xxx/CVE-2018-5070.json
index 8dee2558f84..40ccde75616 100644
--- a/2018/5xxx/CVE-2018-5070.json
+++ b/2018/5xxx/CVE-2018-5070.json
@@ -66,6 +66,11 @@
 "name": "104701",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/104701"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/",
+ "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json
index e0584c0bdc6..79fcba07e6c 100644
--- a/2019/11xxx/CVE-2019-11358.json
+++ b/2019/11xxx/CVE-2019-11358.json
@@ -306,6 +306,11 @@
 "refsource": "MLIST",
 "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
 "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12510.json b/2019/12xxx/CVE-2019-12510.json
index 03025e8b2bc..19690b24c71 100644
--- a/2019/12xxx/CVE-2019-12510.json
+++ b/2019/12xxx/CVE-2019-12510.json
@@ -5,13 +5,58 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-12510",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "Auth Bypass Via X-Forwarded-For Header in SOAP\u00a0API",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's \"NETGEAR Genie\" SOAP API (\"/soap/server_sa\") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12511.json b/2019/12xxx/CVE-2019-12511.json
index c03d02e112a..00059b03f3c 100644
--- a/2019/12xxx/CVE-2019-12511.json
+++ b/2019/12xxx/CVE-2019-12511.json
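Review bot: The new `TITLE` for CVE-2019-12510 contains a non-breaking space (`SOAP\u00a0API`), most likely carried over from a copied web page; the titles added for CVE-2019-12511 (`SOAP\u00a0API`) and CVE-2019-12513 (`Request\u00a0Hostname`) have the same artifact. Exact-match searches and keyword filters on `SOAP API` will miss these records, so replace it with an ordinary space: `"TITLE": "Auth Bypass Via X-Forwarded-For Header in SOAP API",`.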
@@ -5,13 +5,58 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-12511",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "Root Command Injection via MAC Address in SOAP\u00a0API",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the \"NETGEAR Genie\" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12512.json b/2019/12xxx/CVE-2019-12512.json
index a4aa970e467..3b1b0a7ad3d 100644
--- a/2019/12xxx/CVE-2019-12512.json
+++ b/2019/12xxx/CVE-2019-12512.json
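Review bot: The description added for CVE-2019-12511 embeds a bulleted list that has been flattened into one string, so its items are separated only by ` - ` and read as a run-on sentence in feeds and scanners that display this field. The preconditions it states (QoS and advanced QoS enabled, a valid JWT unless combined with CVE-2019-12510) are what a defender needs for triage; consider keeping those together with the affected version and impact, and leaving the payload-level detail to the referenced write-up. If the list stays, separating the items with semicolons inside a single sentence would keep it readable without line breaks.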
@@ -5,13 +5,58 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-12512",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "Stored XSS via X-Forwarded-For Header During Incorrect Login",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag."
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12513.json b/2019/12xxx/CVE-2019-12513.json
index c1d2d321af7..8b82df287ef 100644
--- a/2019/12xxx/CVE-2019-12513.json
+++ b/2019/12xxx/CVE-2019-12513.json
@@ -5,13 +5,58 @@
 "CVE_data_meta": {
 "ID": "CVE-2019-12513",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "Stored XSS via DHCP Discover Request\u00a0Hostname",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/",
+ "refsource": "MISC",
+ "name": "https://www.ise.io/casestudies/sohopelessly-broken-2-0/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible."
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16230.json b/2019/16xxx/CVE-2019-16230.json
index e5ebdfb5230..35cbfec995b 100644
--- a/2019/16xxx/CVE-2019-16230.json
+++ b/2019/16xxx/CVE-2019-16230.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."
+ "value": "** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1150468",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150468"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17228.json b/2019/17xxx/CVE-2019-17228.json
new file mode 100644
index 00000000000..3033d0f296b
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17228.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17228",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/motors-car-dealership-classified-listings/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/motors-car-dealership-classified-listings/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-motors-car-dealer-classified-ads-plugin/",
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-motors-car-dealer-classified-ads-plugin/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17229.json b/2019/17xxx/CVE-2019-17229.json
new file mode 100644
index 00000000000..33a77bd3b7d
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17229.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17229",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/motors-car-dealership-classified-listings/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/motors-car-dealership-classified-listings/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-motors-car-dealer-classified-ads-plugin/",
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-motors-car-dealer-classified-ads-plugin/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9371.json b/2020/9xxx/CVE-2020-9371.json
new file mode 100644
index 00000000000..1b271207657
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9371.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9371",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9372.json b/2020/9xxx/CVE-2020-9372.json
new file mode 100644
index 00000000000..64a22c4fbff
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9372.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9372",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9373.json b/2020/9xxx/CVE-2020-9373.json
new file mode 100644
index 00000000000..4c4291dc3be
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9373.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9373",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9374.json b/2020/9xxx/CVE-2020-9374.json
new file mode 100644
index 00000000000..2b3a979acac
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9374.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9374",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fireshellsecurity.team/hack-n-routers/",
+ "refsource": "MISC",
+ "name": "https://fireshellsecurity.team/hack-n-routers/"
+ },
+ {
+ "url": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link",
+ "refsource": "MISC",
+ "name": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link"
+ }
+ ]
+ }
+}
\ No newline at end of file