From 503acba29cc8ed1b4badcdf9174ab54a74659a30 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 3 Apr 2020 18:01:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19232.json | 5 +++ 2020/10xxx/CVE-2020-10599.json | 60 ++++++++++++++++++++++++++++++++-- 2020/10xxx/CVE-2020-10601.json | 60 ++++++++++++++++++++++++++++++++-- 2020/11xxx/CVE-2020-11504.json | 18 ++++++++++ 2020/11xxx/CVE-2020-11505.json | 18 ++++++++++ 2020/11xxx/CVE-2020-11506.json | 18 ++++++++++ 2020/1xxx/CVE-2020-1927.json | 5 +++ 2020/7xxx/CVE-2020-7000.json | 60 ++++++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7004.json | 60 ++++++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7008.json | 60 ++++++++++++++++++++++++++++++++-- 10 files changed, 349 insertions(+), 15 deletions(-) create mode 100644 2020/11xxx/CVE-2020-11504.json create mode 100644 2020/11xxx/CVE-2020-11505.json create mode 100644 2020/11xxx/CVE-2020-11506.json diff --git a/2019/19xxx/CVE-2019-19232.json b/2019/19xxx/CVE-2019-19232.json index 8836af67120..c8fffb1b709 100644 --- a/2019/19xxx/CVE-2019-19232.json +++ b/2019/19xxx/CVE-2019-19232.json @@ -131,6 +131,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/en-gb/HT211100", "url": "https://support.apple.com/en-gb/HT211100" + }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/plugins/nessus/133936", + "url": "https://www.tenable.com/plugins/nessus/133936" } ] } diff --git a/2020/10xxx/CVE-2020-10599.json b/2020/10xxx/CVE-2020-10599.json index 5fe755c8a5c..75cfaeb835d 100644 --- a/2020/10xxx/CVE-2020-10599.json +++ b/2020/10xxx/CVE-2020-10599.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VISAM", + "product": { + "product_data": [ + { + "product_name": "VBASE Editor", + "version": { + "version_data": [ + { + "version_value": "1.5.0.2" + } + ] + } + }, + { + "product_name": "VBASE Web-Remote Module", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code." } ] } diff --git a/2020/10xxx/CVE-2020-10601.json b/2020/10xxx/CVE-2020-10601.json index e961e82c023..f3cb9d5305d 100644 --- a/2020/10xxx/CVE-2020-10601.json +++ b/2020/10xxx/CVE-2020-10601.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VISAM", + "product": { + "product_data": [ + { + "product_name": "VBASE Editor", + "version": { + "version_data": [ + { + "version_value": "11.5.0.2" + } + ] + } + }, + { + "product_name": "VBASE Web-Remote Module", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash." } ] } diff --git a/2020/11xxx/CVE-2020-11504.json b/2020/11xxx/CVE-2020-11504.json new file mode 100644 index 00000000000..206d371cc8a --- /dev/null +++ b/2020/11xxx/CVE-2020-11504.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11505.json b/2020/11xxx/CVE-2020-11505.json new file mode 100644 index 00000000000..edd1d741183 --- /dev/null +++ b/2020/11xxx/CVE-2020-11505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11506.json b/2020/11xxx/CVE-2020-11506.json new file mode 100644 index 00000000000..eb7c0e37328 --- /dev/null +++ b/2020/11xxx/CVE-2020-11506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1927.json b/2020/1xxx/CVE-2020-1927.json index 3f66c85f2a6..b395782306d 100644 --- a/2020/1xxx/CVE-2020-1927.json +++ b/2020/1xxx/CVE-2020-1927.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200403 Re: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect", + "url": "http://www.openwall.com/lists/oss-security/2020/04/03/1" } ] }, diff --git a/2020/7xxx/CVE-2020-7000.json b/2020/7xxx/CVE-2020-7000.json index 318b113b67c..4a9c4b71b21 100644 --- a/2020/7xxx/CVE-2020-7000.json +++ b/2020/7xxx/CVE-2020-7000.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7000", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VISAM", + "product": { + "product_data": [ + { + "product_name": "VBASE Editor", + "version": { + "version_data": [ + { + "version_value": "11.5.0.2" + } + ] + } + }, + { + "product_name": "VBASE Web-Remote Module", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface." } ] } diff --git a/2020/7xxx/CVE-2020-7004.json b/2020/7xxx/CVE-2020-7004.json index ab31f85c24a..d336ec6d46e 100644 --- a/2020/7xxx/CVE-2020-7004.json +++ b/2020/7xxx/CVE-2020-7004.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VISAM", + "product": { + "product_data": [ + { + "product_name": "VBASE Editor", + "version": { + "version_data": [ + { + "version_value": "11.5.0.2" + } + ] + } + }, + { + "product_name": "VBASE Web-Remote Module", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INCORRECT DEFAULT PERMISSIONS CWE-276" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application." } ] } diff --git a/2020/7xxx/CVE-2020-7008.json b/2020/7xxx/CVE-2020-7008.json index 42d4f722cb0..43040d08fbb 100644 --- a/2020/7xxx/CVE-2020-7008.json +++ b/2020/7xxx/CVE-2020-7008.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VISAM", + "product": { + "product_data": [ + { + "product_name": "VBASE Editor", + "version": { + "version_data": [ + { + "version_value": "11.5.0.2" + } + ] + } + }, + { + "product_name": "VBASE Web-Remote Module", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RELATIVE PATH TRAVERSAL CWE-23" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources." } ] }