From 63e92cfef294be3b8309f8635c724a442c1d7640 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 May 2020 00:01:16 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/20xxx/CVE-2019-20797.json | 72 +++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20798.json | 67 +++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20799.json | 82 ++++++++++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20800.json | 67 +++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20801.json | 67 +++++++++++++++++++++++++++
2019/20xxx/CVE-2019-20802.json | 67 +++++++++++++++++++++++++++
2020/13xxx/CVE-2020-13128.json | 67 +++++++++++++++++++++++++++
7 files changed, 489 insertions(+)
create mode 100644 2019/20xxx/CVE-2019-20797.json
create mode 100644 2019/20xxx/CVE-2019-20798.json
create mode 100644 2019/20xxx/CVE-2019-20799.json
create mode 100644 2019/20xxx/CVE-2019-20800.json
create mode 100644 2019/20xxx/CVE-2019-20801.json
create mode 100644 2019/20xxx/CVE-2019-20802.json
create mode 100644 2020/13xxx/CVE-2020-13128.json
diff --git a/2019/20xxx/CVE-2019-20797.json b/2019/20xxx/CVE-2019-20797.json
new file mode 100644
index 00000000000..11ce6ecf1de
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20797.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20797",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/prboom-plus/bugs/252/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/prboom-plus/bugs/252/"
+ },
+ {
+ "url": "https://sourceforge.net/p/prboom-plus/bugs/253/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/prboom-plus/bugs/253/"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2019/10/prboom1.html",
+ "refsource": "MISC",
+ "name": "https://logicaltrust.net/blog/2019/10/prboom1.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20798.json b/2019/20xxx/CVE-2019-20798.json
new file mode 100644
index 00000000000..25bf2993556
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20798.json
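Review bot: The `affects` block in the CVE-2019-20797 record carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` although the description names prboom-plus 2.5.1.5, so tooling that matches on the structured fields rather than the free text will not associate the entry with the product. Filling them from the description, e.g. `"product_name": "prboom-plus"` and `"version_value": "2.5.1.5"`, would make the record machine-matchable. `problemtype` is likewise `"n/a"` where the description says buffer overflow. The same placeholders appear in the other six records added by this commit (CVE-2019-20798 through CVE-2019-20802 and CVE-2020-13128).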
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20798",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://logicaltrust.net/blog/2019/11/cherokee.html",
+ "refsource": "MISC",
+ "name": "https://logicaltrust.net/blog/2019/11/cherokee.html"
+ },
+ {
+ "url": "https://github.com/cherokee/webserver/issues/1227",
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/issues/1227"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20799.json b/2019/20xxx/CVE-2019-20799.json
new file mode 100644
index 00000000000..b2c9ee0c7b4
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20799.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20799",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://logicaltrust.net/blog/2019/11/cherokee.html",
+ "refsource": "MISC",
+ "name": "https://logicaltrust.net/blog/2019/11/cherokee.html"
+ },
+ {
+ "url": "https://github.com/cherokee/webserver/issues/1226",
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/issues/1226"
+ },
+ {
+ "url": "https://github.com/cherokee/webserver/issues/1225",
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/issues/1225"
+ },
+ {
+ "url": "https://github.com/cherokee/webserver/issues/1222",
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/issues/1222"
+ },
+ {
+ "url": "https://github.com/cherokee/webserver/issues/1221",
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/issues/1221"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20800.json b/2019/20xxx/CVE-2019-20800.json
new file mode 100644
index 00000000000..93ad219814c
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20800.json
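Review bot: The description in the CVE-2019-20799 record says only that "multiple memory corruption errors" can "destabilize the work of a server", without naming the affected functions, the kind of corruption or the resulting impact, so a reader cannot triage it without opening the four linked issues (1221, 1222, 1225, 1226). The sibling record CVE-2019-20800 shows the level of detail that helps: it names the function, the source file and the triggering request shape. If the four issues turn out to be independent flaws, it may also be worth confirming that they belong under a single ID.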
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20800",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many \"Host: 127.0.0.1\" headers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://logicaltrust.net/blog/2019/11/cherokee.html",
+ "refsource": "MISC",
+ "name": "https://logicaltrust.net/blog/2019/11/cherokee.html"
+ },
+ {
+ "url": "https://github.com/cherokee/webserver/issues/1224",
+ "refsource": "MISC",
+ "name": "https://github.com/cherokee/webserver/issues/1224"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20801.json b/2019/20xxx/CVE-2019-20801.json
new file mode 100644
index 00000000000..bc4eac4ac9a
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20801.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20801",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://apps.apple.com/us/app/documents-by-readdle/id364901807",
+ "refsource": "MISC",
+ "name": "https://apps.apple.com/us/app/documents-by-readdle/id364901807"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2019/12/documents.html#authorization",
+ "refsource": "MISC",
+ "name": "https://logicaltrust.net/blog/2019/12/documents.html#authorization"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20802.json b/2019/20xxx/CVE-2019-20802.json
new file mode 100644
index 00000000000..9a42b4ef485
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20802.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20802",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://apps.apple.com/us/app/documents-by-readdle/id364901807",
+ "refsource": "MISC",
+ "name": "https://apps.apple.com/us/app/documents-by-readdle/id364901807"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2019/12/documents.html#xss",
+ "refsource": "MISC",
+ "name": "https://logicaltrust.net/blog/2019/12/documents.html#xss"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13128.json b/2020/13xxx/CVE-2020-13128.json
new file mode 100644
index 00000000000..577bb865333
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13128.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13128",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/manolo/gwtupload/issues/33",
+ "refsource": "MISC",
+ "name": "https://github.com/manolo/gwtupload/issues/33"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2020/02/gwt-upload.html",
+ "refsource": "MISC",
+ "name": "https://logicaltrust.net/blog/2020/02/gwt-upload.html"
+ }
+ ]
+ }
+}
\ No newline at end of file