From 5f0c3c486b74ee585672a33793b9f77bdfdfc32c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 2 Sep 2020 20:01:28 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/25xxx/CVE-2020-25043.json | 50 +++++++++++++++++++--
2020/25xxx/CVE-2020-25044.json | 50 +++++++++++++++++++--
2020/25xxx/CVE-2020-25045.json | 50 +++++++++++++++++++--
2020/5xxx/CVE-2020-5778.json | 50 +++++++++++++++++++--
2020/5xxx/CVE-2020-5779.json | 50 +++++++++++++++++++--
2020/6xxx/CVE-2020-6294.json | 4 +-
2020/7xxx/CVE-2020-7720.json | 7 ++-
2020/7xxx/CVE-2020-7830.json | 79 +++++++++++++++++++++++++++++++---
2020/8xxx/CVE-2020-8576.json | 50 +++++++++++++++++++--
9 files changed, 363 insertions(+), 27 deletions(-)
diff --git a/2020/25xxx/CVE-2020-25043.json b/2020/25xxx/CVE-2020-25043.json
index 2b200c3297f..8d663033274 100644
--- a/2020/25xxx/CVE-2020-25043.json
+++ b/2020/25xxx/CVE-2020-25043.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kaspersky VPN Secure Connection", + "version": { + "version_data": [ + { + "version_value": "prior to 5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720", + "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system." } ] } diff --git a/2020/25xxx/CVE-2020-25044.json b/2020/25xxx/CVE-2020-25044.json index 01a9d82c74d..b60f4d841b2 100644 --- a/2020/25xxx/CVE-2020-25044.json +++ b/2020/25xxx/CVE-2020-25044.json 
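Review bot: `"vendor_name": "n/a"` in the added `affects` block leaves the vendor empty even though the product name and the assigner both identify it, so a consumer that matches on vendor/product pairs will not tie this record to the vendor's inventory entry. `"vendor_name": "Kaspersky"` would fix it here and in CVE-2020-25044 and CVE-2020-25045. The same placeholder appears in CVE-2020-5778 and CVE-2020-5779 (vendor appears to be Trading Technologies, going by the product name) and in CVE-2020-8576 (vendor appears to be NetApp, going by the assigner and advisory URL).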
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25044", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kaspersky Virus Removal Tool", + "version": { + "version_data": [ + { + "version_value": "prior to 15.0.23.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720", + "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system." } ] } diff --git a/2020/25xxx/CVE-2020-25045.json b/2020/25xxx/CVE-2020-25045.json index 92bb14d97a7..62f253f438c 100644 --- a/2020/25xxx/CVE-2020-25045.json +++ b/2020/25xxx/CVE-2020-25045.json 
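Review bot: The `problemtype` value `"Denial of Service (DoS)"` does not match the description, which reports arbitrary file corruption, an integrity impact on any file of which denial of service is only one consequence. CVE-2020-25043 uses the same label for arbitrary file deletion. Triage that keys on `problemtype` will under-classify both records; a weakness identifier confirmed by the assigner (`CWE-<ID>`, left as a placeholder because the page does not state one) would be easier for tooling to consume than free text.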
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25045", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerability@kaspersky.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kaspersky Security Center & Kaspersky Security Center Web Console", + "version": { + "version_data": [ + { + "version_value": "prior to 12 & prior to 12 Patch A" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Privilege Escalation (LPE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720", + "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system." } ] } diff --git a/2020/5xxx/CVE-2020-5778.json b/2020/5xxx/CVE-2020-5778.json index eb037fc1af6..4f34b0aca1b 100644 --- a/2020/5xxx/CVE-2020-5778.json +++ b/2020/5xxx/CVE-2020-5778.json 
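Review bot: `product_name` and `version_value` each join two products with `&`, so neither string matches an installed-product name and the version bound cannot be attributed to one product by a scanner. Splitting into two `product_data` entries makes each pair unambiguous; the mapping below assumes the two version strings apply to the two products in the order written, which should be confirmed against the Kaspersky advisory.

```json
"product_data": [
  {
    "product_name": "Kaspersky Security Center",
    "version": {
      "version_data": [
        { "version_value": "prior to 12" }
      ]
    }
  },
  {
    "product_name": "Kaspersky Security Center Web Console",
    "version": {
      "version_data": [
        { "version_value": "prior to 12 Patch A" }
      ]
    }
  }
]
```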
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5778", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Trading Technologies Messaging", + "version": { + "version_data": [ + { + "version_value": "Trading Technologies Messaging 7.1.28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-52", + "url": "https://www.tenable.com/security/research/tra-2020-52" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe." } ] } diff --git a/2020/5xxx/CVE-2020-5779.json b/2020/5xxx/CVE-2020-5779.json index 814519ee8bf..c0aea4f3c61 100644 --- a/2020/5xxx/CVE-2020-5779.json +++ b/2020/5xxx/CVE-2020-5779.json 
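Review bot: `"version_value": "Trading Technologies Messaging 7.1.28.3"` repeats the product name inside the version field, so a version comparison against an asset inventory will fail on the prefix. `"version_value": "7.1.28.3"` keeps the field to the version alone; CVE-2020-5779 has the same value and needs the same change. The description names default TCP RequestPort 10200 as the exposed service, which is the detail defenders need for network filtering, so the structured fields are the only part that needs tightening.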
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Trading Technologies Messaging", + "version": { + "version_data": [ + { + "version_value": "Trading Technologies Messaging 7.1.28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-52", + "url": "https://www.tenable.com/security/research/tra-2020-52" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe terminates as a result." } ] } diff --git a/2020/6xxx/CVE-2020-6294.json b/2020/6xxx/CVE-2020-6294.json index 208fe2fb323..d23ee01f9b9 100644 --- a/2020/6xxx/CVE-2020-6294.json +++ b/2020/6xxx/CVE-2020-6294.json @@ -45,8 +45,8 @@ }, "impact": { "cvss": { - "baseScore": "3.5", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseScore": "8.5", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } }, 
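Review bot: `"baseScore": "8.5"` keeps the score as a JSON string, while CVE-2020-7830 in this same commit writes `"baseScore": 7.8` as a number, so a consumer that thresholds or sorts on the field has to handle both types. `"baseScore": 8.5,` would make it numeric, and adding `"baseSeverity": "HIGH"` would match the shape used in the other record. The new vector and score are consistent with each other; the rest of the record lies outside this hunk.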
diff --git a/2020/7xxx/CVE-2020-7720.json b/2020/7xxx/CVE-2020-7720.json index 61c255f18f3..e2a1c9a5ddb 100644 --- a/2020/7xxx/CVE-2020-7720.json +++ b/2020/7xxx/CVE-2020-7720.json @@ -56,6 +56,11 @@ "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293", "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md", + "url": "https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md" } ] }, @@ -63,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "All versions of package node-forge are vulnerable to Prototype Pollution via the util.setPath function." + "value": "The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions." } ] }, diff --git a/2020/7xxx/CVE-2020-7830.json b/2020/7xxx/CVE-2020-7830.json index 5b8eb3a2098..01b4b385834 100644 --- a/2020/7xxx/CVE-2020-7830.json +++ b/2020/7xxx/CVE-2020-7830.json 
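Review bot: The added CONFIRM reference points at `blob/master/CHANGELOG.md`, a branch-tip URL whose content can change or move after the record is published, which makes it weak evidence for the fix version. A link pinned to the release tag or commit that introduced 0.10.0, for example `https://github.com/digitalbazaar/forge/blob/<TAG_OR_COMMIT>/CHANGELOG.md`, stays verifiable over time.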
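Review bot: The description now bounds the issue to `before 0.10.0`, but the `affects` version data sits outside this hunk and is not touched by it. If that block still expresses all versions, scanners that read the structured field will keep flagging 0.10.0 and later despite the corrected prose. It is worth checking that the `version_value` there carries the same bound as the description.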
@@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2020-09-02T01:55:00.000Z", "ID": "CVE-2020-7830", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RAONWIZ", + "product": { + "product_data": [ + { + "product_name": "RAON KUpload", + "version": { + "version_data": [ + { + "version_value": "<=2018.0.2.50" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File download" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35582", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35582" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8576.json b/2020/8xxx/CVE-2020-8576.json index 4f28b8a51a6..b3a47c4e50c 100644 --- a/2020/8xxx/CVE-2020-8576.json +++ b/2020/8xxx/CVE-2020-8576.json 
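Review bot: `"version_value": "<=2018.0.2.50"` embeds the comparison operator in the version string, which version-matching tools will treat as part of the version. The CVE JSON 4.0 format has a separate field for this: `"version_affected": "<=",` alongside `"version_value": "2018.0.2.50"`. The description also opens with `RAONWIZ v2018.0.2.50`, giving the vendor name where the product (`RAON KUpload`) is meant, and the file ends without a trailing newline.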
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/NTAP-20200902-0001/", + "url": "https://security.netapp.com/advisory/NTAP-20200902-0001/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information." } ] }
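Review bot: `"version_value": "Versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7"` packs several release branches into one free-text string, and it is ambiguous whether 9.7 is a fixed release or another upper bound. One `version_data` entry per branch, each with `"version_affected": "<"` and a bare version such as `"version_value": "9.3P19"`, lets scanners compare versions without parsing prose. The description repeats the same wording, so the 9.7 reading should be confirmed against the NetApp advisory before splitting.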