From 61c33205b41f72ac8a04af2e65c5535cd59224f6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 25 Feb 2020 19:01:09 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/11xxx/CVE-2016-11020.json | 66 ++++++++++++++++++++++++++---
 2019/15xxx/CVE-2019-15604.json | 5 +++
 2019/15xxx/CVE-2019-15605.json | 5 +++
 2019/15xxx/CVE-2019-15606.json | 5 +++
 2019/16xxx/CVE-2019-16775.json | 5 +++
 2019/16xxx/CVE-2019-16776.json | 5 +++
 2019/16xxx/CVE-2019-16777.json | 5 +++
 2019/20xxx/CVE-2019-20444.json | 5 +++
 2019/20xxx/CVE-2019-20445.json | 5 +++
 2019/3xxx/CVE-2019-3999.json | 58 ++++++++++++++++++++++----
 2020/7xxx/CVE-2020-7238.json | 5 +++
 2020/8xxx/CVE-2020-8809.json | 61 ++++++++++++++++++++++++---
 2020/8xxx/CVE-2020-8810.json | 61 ++++++++++++++++++++++++---
 2020/9xxx/CVE-2020-9379.json | 61 ++++++++++++++++++++++++---
 2020/9xxx/CVE-2020-9392.json | 18 ++++++++
 2020/9xxx/CVE-2020-9393.json | 76 ++++++++++++++++++++++++++++++++++
 2020/9xxx/CVE-2020-9394.json | 76 ++++++++++++++++++++++++++++++++++
 2020/9xxx/CVE-2020-9395.json | 18 ++++++++
 18 files changed, 509 insertions(+), 31 deletions(-)
 create mode 100644 2020/9xxx/CVE-2020-9392.json
 create mode 100644 2020/9xxx/CVE-2020-9393.json
 create mode 100644 2020/9xxx/CVE-2020-9394.json
 create mode 100644 2020/9xxx/CVE-2020-9395.json
diff --git a/2016/11xxx/CVE-2016-11020.json b/2016/11xxx/CVE-2016-11020.json
index 1525cede2eb..a0170fb81fd 100644
--- a/2016/11xxx/CVE-2016-11020.json
+++ b/2016/11xxx/CVE-2016-11020.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2016-11020",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2016-11020",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.kunena.org/bugs/changelog",
+ "refsource": "MISC",
+ "name": "https://www.kunena.org/bugs/changelog"
+ },
+ {
+ "url": "https://github.com/Kunena/Kunena-Forum/pull/5028",
+ "refsource": "MISC",
+ "name": "https://github.com/Kunena/Kunena-Forum/pull/5028"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.kunena.org/blog/179-kunena-5-0-4-released",
+ "url": "https://www.kunena.org/blog/179-kunena-5-0-4-released"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15604.json b/2019/15xxx/CVE-2019-15604.json
index 3b32109ee88..90776d5fd24 100644
--- a/2019/15xxx/CVE-2019-15604.json
+++ b/2019/15xxx/CVE-2019-15604.json
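Review bot: The `affects` block added to CVE-2016-11020.json keeps `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` although the new description names Kunena before 5.0.4, so tooling that matches on the structured fields cannot tie this record to an installed product. I would carry the description's values into the structure, `"product_name": "Kunena"` and `"version_value": "before 5.0.4"`, and leave the vendor name for the assigner to confirm. The `problemtype` value is also `n/a`; a CWE identifier for the stated XSS outcome (CWE-79 looks the closest fit from the description alone) would make the record filterable by weakness class. The same `n/a` placeholders appear in the CVE-2020-8809, CVE-2020-8810, CVE-2020-9379, CVE-2020-9393 and CVE-2020-9394 hunks of this commit.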
@@ -93,6 +93,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0598",
 "url": "https://access.redhat.com/errata/RHSA-2020:0598"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0602",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0602"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15605.json b/2019/15xxx/CVE-2019-15605.json
index 53b74717638..4f399a76537 100644
--- a/2019/15xxx/CVE-2019-15605.json
+++ b/2019/15xxx/CVE-2019-15605.json
@@ -103,6 +103,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0598",
 "url": "https://access.redhat.com/errata/RHSA-2020:0598"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0602",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0602"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15606.json b/2019/15xxx/CVE-2019-15606.json
index b82a5016ebb..df1074aa188 100644
--- a/2019/15xxx/CVE-2019-15606.json
+++ b/2019/15xxx/CVE-2019-15606.json
@@ -93,6 +93,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0598",
 "url": "https://access.redhat.com/errata/RHSA-2020:0598"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0602",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0602"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json
index fd97d164164..6a0d383c122 100644
--- a/2019/16xxx/CVE-2019-16775.json
+++ b/2019/16xxx/CVE-2019-16775.json
@@ -115,6 +115,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0597",
 "url": "https://access.redhat.com/errata/RHSA-2020:0597"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0602",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0602"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json
index a5824f60a33..4e8d996fb68 100644
--- a/2019/16xxx/CVE-2019-16776.json
+++ b/2019/16xxx/CVE-2019-16776.json
@@ -115,6 +115,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0597",
 "url": "https://access.redhat.com/errata/RHSA-2020:0597"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0602",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0602"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json
index fae864ccb54..a2c3035f331 100644
--- a/2019/16xxx/CVE-2019-16777.json
+++ b/2019/16xxx/CVE-2019-16777.json
@@ -115,6 +115,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0597",
 "url": "https://access.redhat.com/errata/RHSA-2020:0597"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0602",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0602"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20444.json b/2019/20xxx/CVE-2019-20444.json
index 190861de44e..c9d4ae04724 100644
--- a/2019/20xxx/CVE-2019-20444.json
+++ b/2019/20xxx/CVE-2019-20444.json
@@ -221,6 +221,11 @@
 "refsource": "MLIST",
 "name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
 "url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0601",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0601"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20445.json b/2019/20xxx/CVE-2019-20445.json
index 2c64d9e212c..560317a3c95 100644
--- a/2019/20xxx/CVE-2019-20445.json
+++ b/2019/20xxx/CVE-2019-20445.json
@@ -171,6 +171,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0601",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0601"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3999.json b/2019/3xxx/CVE-2019-3999.json
index d64ebd025a6..fa2945eac48 100644
--- a/2019/3xxx/CVE-2019-3999.json
+++ b/2019/3xxx/CVE-2019-3999.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-3999",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-3999",
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Druva inSync Windows Client",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthenticated OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-12",
+ "url": "https://www.tenable.com/security/research/tra-2020-12"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7238.json b/2020/7xxx/CVE-2020-7238.json
index a8a8fcbb938..16bafe5de32 100644
--- a/2020/7xxx/CVE-2020-7238.json
+++ b/2020/7xxx/CVE-2020-7238.json
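Review bot: `"vendor_name": "n/a"` in CVE-2019-3999.json sits next to `"product_name": "Druva inSync Windows Client"`, so the vendor is recoverable from the record itself yet missing from the field that consumers filter on; `"vendor_name": "Druva"` looks right but should be confirmed with the assigner. The `problemtype` value is free text, while the description's wording matches the title of CWE-78, and `"value": "CWE-78 OS Command Injection"` would let the record be grouped with other command-injection entries. `"version_value": "6.5.0"` names a single release, and nothing in the hunk says whether earlier releases are affected or which release carries the fix, which is what a patch-management reader needs from this record.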
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0601",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0601"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8809.json b/2020/8xxx/CVE-2020-8809.json
index b00e611438f..11de74f58b6 100644
--- a/2020/8xxx/CVE-2020-8809.json
+++ b/2020/8xxx/CVE-2020-8809.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8809",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8809",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://seqred.pl/en/cve-gurux-gxdlms-director/",
+ "url": "https://seqred.pl/en/cve-gurux-gxdlms-director/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/seqred-s-a/gxdlmsdirector-cve",
+ "url": "https://github.com/seqred-s-a/gxdlmsdirector-cve"
 }
 ]
 }
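Review bot: The description added to CVE-2020-8809.json bounds the affected range as `prior to 8.5.1905.1301`, while the CVE-2020-8810.json hunk later in this commit says `through 8.5.1905.1301` for the same product, so the two records disagree on whether 8.5.1905.1301 itself is affected. Each description says the issue becomes code execution in combination with the other, so a reader deciding whether that build is safe to run gets contradictory answers. The bound should be checked against the referenced advisory and written the same way in both descriptions, with the agreed value placed in `version_value` instead of `n/a`.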
diff --git a/2020/8xxx/CVE-2020-8810.json b/2020/8xxx/CVE-2020-8810.json
index f85cecc3f4c..b8b1a727761 100644
--- a/2020/8xxx/CVE-2020-8810.json
+++ b/2020/8xxx/CVE-2020-8810.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8810",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8810",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://seqred.pl/en/cve-gurux-gxdlms-director/",
+ "url": "https://seqred.pl/en/cve-gurux-gxdlms-director/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/seqred-s-a/gxdlmsdirector-cve",
+ "url": "https://github.com/seqred-s-a/gxdlmsdirector-cve"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9379.json b/2020/9xxx/CVE-2020-9379.json
index 120ae30232b..70ce83fa494 100644
--- a/2020/9xxx/CVE-2020-9379.json
+++ b/2020/9xxx/CVE-2020-9379.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9379",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9379",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitel.com/support/security-advisories",
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0003",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0003"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9392.json b/2020/9xxx/CVE-2020-9392.json
new file mode 100644
index 00000000000..2c0961a1fb4
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9392.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9392",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9393.json b/2020/9xxx/CVE-2020-9393.json
new file mode 100644
index 00000000000..21690732adb
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9393.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9393",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/pricing-table-by-supsystic/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/pricing-table-by-supsystic/#developers"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9394.json b/2020/9xxx/CVE-2020-9394.json
new file mode 100644
index 00000000000..4d007a39dc7
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9394.json
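Review bot: The `impact.cvss` block in CVE-2020-9393.json sets `"userInteraction": "NONE"` (`UI:N` in the vector) for an issue the description gives only as XSS; XSS normally depends on a victim loading or following something, so this metric looks inconsistent and raises the score unless the assigner has a reason the hunk does not show. If it is a slip, the change is `"userInteraction": "REQUIRED"` with `UI:R` in `vectorString`. The block also carries no `baseScore` or `baseSeverity`, here and in CVE-2020-9394.json, so every consumer has to recompute severity from the vector before it can triage on it.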
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-9394",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/pricing-table-by-supsystic/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/pricing-table-by-supsystic/#developers"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9395.json b/2020/9xxx/CVE-2020-9395.json
new file mode 100644
index 00000000000..8b5bcebf1fd
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9395.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9395",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file