From 538ddd2e36efac479241ad19608561786bf860a5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 16 Nov 2020 19:01:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/16xxx/CVE-2018-16763.json | 5 +++
 2018/1xxx/CVE-2018-1311.json | 2 +-
 2020/26xxx/CVE-2020-26508.json | 56 ++++++++++++++++++++++++++++++----
 2020/26xxx/CVE-2020-26509.json | 56 ++++++++++++++++++++++++++++++----
 2020/26xxx/CVE-2020-26510.json | 56 ++++++++++++++++++++++++++++++----
 2020/28xxx/CVE-2020-28890.json | 18 +++++++++++
 2020/6xxx/CVE-2020-6506.json | 5 +++
 7 files changed, 179 insertions(+), 19 deletions(-)
 create mode 100644 2020/28xxx/CVE-2020-28890.json
diff --git a/2018/16xxx/CVE-2018-16763.json b/2018/16xxx/CVE-2018-16763.json
index ba3228fe4ce..2ce1e7af72d 100644
--- a/2018/16xxx/CVE-2018-16763.json
+++ b/2018/16xxx/CVE-2018-16763.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1311.json b/2018/1xxx/CVE-2018-1311.json
index 54194a6eda3..ca55f20448c 100644
--- a/2018/1xxx/CVE-2018-1311.json
+++ b/2018/1xxx/CVE-2018-1311.json
@@ -70,7 +70,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable."
+ "value": "The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable."
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26508.json b/2020/26xxx/CVE-2020-26508.json
index b960287b736..41a738f2774 100644
--- a/2020/26xxx/CVE-2020-26508.json
+++ b/2020/26xxx/CVE-2020-26508.json
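Review bot: The affected range in the description moves from 3.2.2 to 3.2.3, but the structured `affects` version data for this record lies outside the hunk and is not touched here. If it still lists 3.2.2 as the upper bound, tools that match on `version_value` will treat 3.2.3 as unaffected, while the description says the flaw is unaddressed and the only mitigation is disabling DTD processing. Please confirm the `version_data` entries cover 3.2.3 as well.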
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26508",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26508",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.syss.de/pentest-blog/",
+ "refsource": "MISC",
+ "name": "https://www.syss.de/pentest-blog/"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26509.json b/2020/26xxx/CVE-2020-26509.json
index 317e1a28821..61b78a3da0d 100644
--- a/2020/26xxx/CVE-2020-26509.json
+++ b/2020/26xxx/CVE-2020-26509.json
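Review bot: The record goes to `"STATE": "PUBLIC"` while `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, so the affected product exists only in the free-text description and automated matching on the structured fields will find nothing. The description already supplies the values: `"vendor_name": "Canon"`, `"product_name": "Oce ColorWave 3500"`, `"version_value": "5.1.1.0"`. `problemtype` should carry a weakness description for the stored-credential exposure (CWE-522 looks like the fit, to be confirmed). The only reference is the blog index `https://www.syss.de/pentest-blog/`, which does not identify a specific advisory and should be replaced with the direct link once it is known. The same `n/a` placeholders appear in the CVE-2020-26509 and CVE-2020-26510 hunks, whose descriptions name Airleader Master and Easy <= 6.21 and default credentials.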
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26509",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26509",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-033.txt",
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-033.txt"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26510.json b/2020/26xxx/CVE-2020-26510.json
index 39b51007819..765511bb2af 100644
--- a/2020/26xxx/CVE-2020-26510.json
+++ b/2020/26xxx/CVE-2020-26510.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26510",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26510",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-033.txt",
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-033.txt"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28890.json b/2020/28xxx/CVE-2020-28890.json
new file mode 100644
index 00000000000..90669f56607
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28890.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28890",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6506.json b/2020/6xxx/CVE-2020-6506.json
index 05986feb15b..84217d0e968 100644
--- a/2020/6xxx/CVE-2020-6506.json
+++ b/2020/6xxx/CVE-2020-6506.json
@@ -79,6 +79,11 @@
 "refsource": "MLIST",
 "name": "[cordova-issues] 20201007 [GitHub] [cordova-plugin-inappbrowser] carlpoole opened a new pull request #792: fix(android): Add mitigation strategy for CVE-2020-6506",
 "url": "https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cordova-issues] 20201116 [GitHub] [cordova-plugin-inappbrowser] NiklasMerz commented on pull request #792: fix(android): Add mitigation strategy for CVE-2020-6506",
+ "url": "https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E"
 }
 ]
 },