diff --git a/2020/12xxx/CVE-2020-12049.json b/2020/12xxx/CVE-2020-12049.json
index 16ecefac083..f2a9bee0c47 100644
--- a/2020/12xxx/CVE-2020-12049.json
+++ b/2020/12xxx/CVE-2020-12049.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12049",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12049",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
+ },
+ {
+ "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16",
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/06/04/3",
+ "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18",
+ "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30",
+ "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12695.json b/2020/12xxx/CVE-2020-12695.json
index 78d621a1b86..43bc295f077 100644
--- a/2020/12xxx/CVE-2020-12695.json
+++ b/2020/12xxx/CVE-2020-12695.json
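Review bot: The `affects` block added to CVE-2020-12049.json carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description on the same record names the product and range (dbus >= 1.3.0 before 1.12.18). Tooling that matches on the structured fields rather than on free text will not associate this record with any package. If the publishing workflow permits, fill them from the description, e.g. `"product_name": "dbus"` and `"version_value": ">= 1.3.0, before 1.12.18"`. The same placeholder block appears in the CVE-2020-12695, CVE-2020-12800, CVE-2020-13625, CVE-2020-13696, CVE-2020-5304 and CVE-2020-8954 records in this commit. The references also tag dbus-1.10.30 and dbus-1.13.16, which suggests fixed releases on other branches that the description's single upper bound does not mention; that is worth confirming.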
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12695",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12695",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.callstranger.com",
+ "refsource": "MISC",
+ "name": "https://www.callstranger.com"
+ },
+ {
+ "url": "https://www.kb.cert.org/vuls/id/339275",
+ "refsource": "MISC",
+ "name": "https://www.kb.cert.org/vuls/id/339275"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12800.json b/2020/12xxx/CVE-2020-12800.json
index aa357479254..cdcdc27f475 100644
--- a/2020/12xxx/CVE-2020-12800.json
+++ b/2020/12xxx/CVE-2020-12800.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12800",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12800",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html",
+ "url": "https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers",
+ "url": "https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13625.json b/2020/13xxx/CVE-2020-13625.json
index e4c7ecbb204..a757d4b2842 100644
--- a/2020/13xxx/CVE-2020-13625.json
+++ b/2020/13xxx/CVE-2020-13625.json
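Review bot: `problemtype` in CVE-2020-12800.json is left as `"value": "n/a"` even though the description states the weakness class outright (Unrestricted File Upload leading to remote code execution). A CWE identifier in that field lets consumers filter and prioritise records without parsing prose; `"value": "CWE-434"` would appear to fit what the description says. The CVE-2020-13696 record (insufficient path checks in dev_open()) and the CVE-2020-5304 record (Log Injection) in this commit have the same gap.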
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13625",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13625",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6",
+ "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj",
+ "url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13696.json b/2020/13xxx/CVE-2020-13696.json
index a4415f0c5b3..0ea1e23b1e0 100644
--- a/2020/13xxx/CVE-2020-13696.json
+++ b/2020/13xxx/CVE-2020-13696.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13696",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13696",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3",
+ "refsource": "MISC",
+ "name": "https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3"
+ },
+ {
+ "url": "https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292",
+ "refsource": "MISC",
+ "name": "https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292"
+ },
+ {
+ "url": "https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c",
+ "refsource": "MISC",
+ "name": "https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c"
+ },
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696",
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/06/04/6",
+ "url": "http://www.openwall.com/lists/oss-security/2020/06/04/6"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13881.json b/2020/13xxx/CVE-2020-13881.json
index 623c5350e39..60f58e6c03f 100644
--- a/2020/13xxx/CVE-2020-13881.json
+++ b/2020/13xxx/CVE-2020-13881.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200608 CVE-2020-13881: pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if configured with debug parameter",
 "url": "http://www.openwall.com/lists/oss-security/2020/06/08/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200608 [SECURITY] [DLA 2239-1] libpam-tacplus security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5304.json b/2020/5xxx/CVE-2020-5304.json
index b43dde69b85..15e292a34e0 100644
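Review bot: In CVE-2020-13696.json the oss-security post is filed as `"refsource": "CONFIRM"` with the bare URL repeated as `name`, while the CVE-2020-13881.json hunk in this same commit files a post from that archive as `"refsource": "MLIST"` with the message subject as `name`. CONFIRM normally signals a vendor acknowledgement, so consumers that weight references by source will treat the two entries differently. Unless the post is the maintainer's own advisory, `"refsource": "MLIST"` with a descriptive `name` would keep the records consistent. CVE-2020-12049.json has the same kind of entry for /2020/06/04/3.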
--- a/2020/5xxx/CVE-2020-5304.json
+++ b/2020/5xxx/CVE-2020-5304.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5304",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-5304",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.whitesourcesoftware.com/oss_security_vulnerabilities/",
+ "refsource": "MISC",
+ "name": "https://www.whitesourcesoftware.com/oss_security_vulnerabilities/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b",
+ "url": "https://medium.com/@venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8954.json b/2020/8xxx/CVE-2020-8954.json
index ee305e0d289..f3bb2a3059f 100644
--- a/2020/8xxx/CVE-2020-8954.json
+++ b/2020/8xxx/CVE-2020-8954.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8954",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8954",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://play.google.com/store/apps/details?id=de.marcel.opensearch&hl=en_US",
+ "refsource": "MISC",
+ "name": "https://play.google.com/store/apps/details?id=de.marcel.opensearch&hl=en_US"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://raw.githubusercontent.com/marcelbohland/OpenSerach-CVE-SVE-reference-/master/CVE-list",
+ "url": "https://raw.githubusercontent.com/marcelbohland/OpenSerach-CVE-SVE-reference-/master/CVE-list"
 }
 ]
 }
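Review bot: The description added to CVE-2020-8954.json reads `Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]`, with the bracketed gloss fused to the preceding sentence and no statement of impact or of a fixed version. Wording such as `"value": "OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking: a link that opens another app in the browser can be manipulated."` keeps the stated facts and reads cleanly. The second reference points at a raw.githubusercontent.com file on a `master` branch, whose content can change after publication; a commit-pinned URL would be a more stable citation.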