diff --git a/2020/10xxx/CVE-2020-10375.json b/2020/10xxx/CVE-2020-10375.json index 4e7bfe4cbde..97494de21dd 100644 --- a/2020/10xxx/CVE-2020-10375.json +++ b/2020/10xxx/CVE-2020-10375.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.x41-dsec.de/lab/advisories/x41-2020-005-smarty/", + "refsource": "MISC", + "name": "https://www.x41-dsec.de/lab/advisories/x41-2020-005-smarty/" + }, + { + "url": "https://www.smarty-online.de", + "refsource": "MISC", + "name": "https://www.smarty-online.de" } ] } diff --git a/2020/10xxx/CVE-2020-10552.json b/2020/10xxx/CVE-2020-10552.json index 13583a34b9f..4b9659b8842 100644 --- a/2020/10xxx/CVE-2020-10552.json +++ b/2020/10xxx/CVE-2020-10552.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10552", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10552", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax", + "refsource": "MISC", + "name": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax" } ] } diff --git a/2020/10xxx/CVE-2020-10553.json b/2020/10xxx/CVE-2020-10553.json index 49d252be708..57620cf0554 100644 --- a/2020/10xxx/CVE-2020-10553.json +++ b/2020/10xxx/CVE-2020-10553.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10553", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10553", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\\Psyprax32\\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax", + "refsource": "MISC", + "name": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax" } ] } diff --git a/2020/10xxx/CVE-2020-10554.json b/2020/10xxx/CVE-2020-10554.json index 9ccee99570c..39cb474a4a5 100644 --- a/2020/10xxx/CVE-2020-10554.json +++ b/2020/10xxx/CVE-2020-10554.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10554", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10554", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax", + "refsource": "MISC", + "name": "https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax" } ] } diff --git a/2020/10xxx/CVE-2020-10857.json b/2020/10xxx/CVE-2020-10857.json index 5aef2ef25d6..c3d5720c01d 100644 --- a/2020/10xxx/CVE-2020-10857.json +++ b/2020/10xxx/CVE-2020-10857.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10857", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10857", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-security-release/", + "url": "https://blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-security-release/" } ] } diff --git a/2020/10xxx/CVE-2020-10858.json b/2020/10xxx/CVE-2020-10858.json index a59b58718ab..c58ffae3cf2 100644 --- a/2020/10xxx/CVE-2020-10858.json +++ b/2020/10xxx/CVE-2020-10858.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10858", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10858", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-security-release/", + "url": "https://blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-security-release/" } ] } diff --git a/2020/12xxx/CVE-2020-12122.json b/2020/12xxx/CVE-2020-12122.json index aaa74e94b01..0ded9be587b 100644 --- a/2020/12xxx/CVE-2020-12122.json +++ b/2020/12xxx/CVE-2020-12122.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12122", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12122", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.maxpcsecure.com/spywaredetector.htm", + "refsource": "MISC", + "name": "https://www.maxpcsecure.com/spywaredetector.htm" + }, + { + "refsource": "MISC", + "name": "https://github.com/FULLSHADE/Kernel-exploits", + "url": "https://github.com/FULLSHADE/Kernel-exploits" + }, + { + "refsource": "MISC", + "name": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/MaxProc64.sys", + "url": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/MaxProc64.sys" } ] } diff --git a/2020/29xxx/CVE-2020-29598.json b/2020/29xxx/CVE-2020-29598.json index c0d6d3698e9..df6a7adc008 100644 --- a/2020/29xxx/CVE-2020-29598.json +++ b/2020/29xxx/CVE-2020-29598.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-29598", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29598", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "The My AIA SG application 1.2.6 for Android allows attackers to obtain user credentials via logcat because of excessive logging." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://play.google.com/store/apps/details?id=com.aia.sg.mypage.oneapp.wrapper.myaiasg&hl=en_GB", - "refsource": "MISC", - "name": "https://play.google.com/store/apps/details?id=com.aia.sg.mypage.oneapp.wrapper.myaiasg&hl=en_GB" - }, - { - "refsource": "MISC", - "name": "https://github.com/galapogos/My-AIA-SG-Vulnerabilities", - "url": "https://github.com/galapogos/My-AIA-SG-Vulnerabilities" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Notes: none." } ] } diff --git a/2020/9xxx/CVE-2020-9453.json b/2020/9xxx/CVE-2020-9453.json index 88f6cd74b0f..966c2b1fe15 100644 --- a/2020/9xxx/CVE-2020-9453.json +++ b/2020/9xxx/CVE-2020-9453.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9453", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9453", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \\Device\\EMPMPAUIO and \\DosDevices\\EMPMPAU." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://epson.com", + "refsource": "MISC", + "name": "https://epson.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/FULLSHADE/Kernel-exploits", + "url": "https://github.com/FULLSHADE/Kernel-exploits" + }, + { + "refsource": "MISC", + "name": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_MPAU.sys", + "url": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_MPAU.sys" } ] }