diff --git a/2019/7xxx/CVE-2019-7266.json b/2019/7xxx/CVE-2019-7266.json
index 741aabd7eaa..1438d8e6407 100644
--- a/2019/7xxx/CVE-2019-7266.json
+++ b/2019/7xxx/CVE-2019-7266.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7267.json b/2019/7xxx/CVE-2019-7267.json
index 9e040ea90d8..faad7638347 100644
--- a/2019/7xxx/CVE-2019-7267.json
+++ b/2019/7xxx/CVE-2019-7267.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7268.json b/2019/7xxx/CVE-2019-7268.json
index ab7749172cf..08c0574f62a 100644
--- a/2019/7xxx/CVE-2019-7268.json
+++ b/2019/7xxx/CVE-2019-7268.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7269.json b/2019/7xxx/CVE-2019-7269.json
index 493a67652e4..ce22edadfad 100644
--- a/2019/7xxx/CVE-2019-7269.json
+++ b/2019/7xxx/CVE-2019-7269.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7270.json b/2019/7xxx/CVE-2019-7270.json
index f5403216919..fc30cdcccf0 100644
--- a/2019/7xxx/CVE-2019-7270.json
+++ b/2019/7xxx/CVE-2019-7270.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.applied-risk.com/resources/ar-2019-006",
 "url": "https://www.applied-risk.com/resources/ar-2019-006"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13379.json b/2020/13xxx/CVE-2020-13379.json
index 910f010a0e5..4741bd5098a 100644
--- a/2020/13xxx/CVE-2020-13379.json
+++ b/2020/13xxx/CVE-2020-13379.json
@@ -101,6 +101,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0892",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://mostwanted002.cf/post/grafanados/",
+ "url": "https://mostwanted002.cf/post/grafanados/"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8161.json b/2020/8xxx/CVE-2020-8161.json
index fb8d122f0c0..5670fc68338 100644
--- a/2020/8xxx/CVE-2020-8161.json
+++ b/2020/8xxx/CVE-2020-8161.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8161",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/rack/rack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 2.1.3, >= 2.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Exposure Through Directory Listing (CWE-548)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/434404",
+ "url": "https://hackerone.com/reports/434404"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA",
+ "url": "https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8163.json b/2020/8xxx/CVE-2020-8163.json
index 9ea32ebcbc6..43ebb147c3f 100644
--- a/2020/8xxx/CVE-2020-8163.json
+++ b/2020/8xxx/CVE-2020-8163.json
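Review bot: The affected range in the new description contradicts the `version_value` added two sections above it: `Fixed in 2.1.3, >= 2.2.0` says 2.1.3 is patched, while `rack < 2.2.0` in the description still marks 2.1.3 as vulnerable, so consumers that match on either field will disagree. If 2.1.3 carries a backported fix, the description's range should say so (for example `rack before 2.1.3 and before 2.2.0`); otherwise 2.1.3 should be dropped from `version_value`. The same description-versus-`version_value` disagreement appears in the CVE-2020-8163 hunk (`prior to 5.0.1` against `Fixed in 4.2.11.2`) and the CVE-2020-8166 hunk (`rails < 5.2.5, rails < 6.0.4` against `Fixed in 5.2.4.3, 6.0.3.1`). The description's `allows an attacker perform directory traversal vulnerability in the Rack::Directory app` also reads as garbled; `allows an attacker to perform directory traversal in the Rack::Directory app` is the intended wording.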
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8163",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/rails/rails",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 4.2.11.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection (CWE-94)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/304805",
+ "url": "https://hackerone.com/reports/304805"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0",
+ "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8166.json b/2020/8xxx/CVE-2020-8166.json
index 6ad3d27d1a2..c20ac68d9f8 100644
--- a/2020/8xxx/CVE-2020-8166.json
+++ b/2020/8xxx/CVE-2020-8166.json
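Review bot: The new description carries two typos that become consumer-facing the moment `STATE` flips to `PUBLIC` in this same hunk: `The is a code injection vulnerability` and `wouldallow`. The intended text is `There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker ...`, and `achieve remote code execution` would read better than `perform a RCE` at the end of the sentence. Downstream feeds copy this string verbatim, so it is worth fixing before merge rather than in a follow-up.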
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8166",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/rails/rails",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 5.2.4.3, 6.0.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/732415",
+ "url": "https://hackerone.com/reports/732415"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
+ "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8176.json b/2020/8xxx/CVE-2020-8176.json
index b6299904d2a..39dc2653942 100644
--- a/2020/8xxx/CVE-2020-8176.json
+++ b/2020/8xxx/CVE-2020-8176.json
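Review bot: `A CSRF forgery vulnerability` in the new description expands to "Cross-Site Request Forgery forgery"; `A CSRF vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible ...` drops the duplicated word and matches the `problemtype` wording added in the same hunk. The rest of the sentence, including the `authenticity_token` meta tag detail, is clear as written.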
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8176",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "koa-shopify-auth",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Impacted: v3.1.61-v3.1.62, Fixed: v3.1.63"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Shopify/quilt/pull/1455",
+ "url": "https://github.com/Shopify/quilt/pull/1455"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/881409",
+ "url": "https://hackerone.com/reports/881409"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8179.json b/2020/8xxx/CVE-2020-8179.json
index ad476a0dc6d..9a5b1f1df50 100644
--- a/2020/8xxx/CVE-2020-8179.json
+++ b/2020/8xxx/CVE-2020-8179.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8179",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Deck",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 1.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control - Generic (CWE-284)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/867052",
+ "url": "https://hackerone.com/reports/867052"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-022",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-022"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8185.json b/2020/8xxx/CVE-2020-8185.json
index 2aab2a90083..0510f5b1e37 100644
--- a/2020/8xxx/CVE-2020-8185.json
+++ b/2020/8xxx/CVE-2020-8185.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8185",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/rails/rails",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 6.0.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (CWE-400)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/899069",
+ "url": "https://hackerone.com/reports/899069"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0",
+ "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8188.json b/2020/8xxx/CVE-2020-8188.json
index 38372ee02e6..4c3669c3322 100644
--- a/2020/8xxx/CVE-2020-8188.json
+++ b/2020/8xxx/CVE-2020-8188.json
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8188",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Protect for UniFi Cloud Key Gen2 Plus, UniFi Dream Machine Pro, UNVR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in versions: v1.13.3 and v1.14.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection - Generic (CWE-77)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4",
+ "url": "https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba",
+ "url": "https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5",
+ "url": "https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges."
 }
 ]
 }
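Review bot: The new description is a pasted vendor release note rather than a CVE-style statement of the flaw, and it contains a join artifact, `description below:View only users`, where a line break was lost; the actual vulnerable condition is only in the final clause. `UniFi Protect firmware before v1.13.3 (Cloud Key Gen2 Plus) and before v1.14.10 (Dream Machine Pro/UNVR) allows view-only users to run certain custom commands, assign themselves unauthorized roles and escalate their privileges.` states the same facts from this hunk without the announcement preamble. The `problemtype` added earlier in the hunk, `Command Injection - Generic (CWE-77)`, and this description (privilege escalation through role assignment) name different weaknesses; it is worth confirming with the assigner which one the record should carry, since the two are published together.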