From 65ec9696c99c54b5a0cd0bbe289bda198d0d54ec Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 22 Jun 2020 16:01:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13279.json | 79 ++++++++++++++++++++++++++++++++-- 2020/13xxx/CVE-2020-13887.json | 61 +++++++++++++++++++++++--- 2020/14xxx/CVE-2020-14159.json | 58 +++---------------------- 2020/14xxx/CVE-2020-14974.json | 18 ++++++++ 2020/14xxx/CVE-2020-14975.json | 18 ++++++++ 2020/14xxx/CVE-2020-14976.json | 18 ++++++++ 2020/14xxx/CVE-2020-14977.json | 18 ++++++++ 2020/14xxx/CVE-2020-14978.json | 18 ++++++++ 2020/14xxx/CVE-2020-14979.json | 18 ++++++++ 2020/4xxx/CVE-2020-4060.json | 2 +- 2020/4xxx/CVE-2020-4062.json | 2 +- 2020/4xxx/CVE-2020-4066.json | 2 +- 2020/4xxx/CVE-2020-4068.json | 2 +- 2020/4xxx/CVE-2020-4070.json | 2 +- 2020/6xxx/CVE-2020-6644.json | 53 +++++++++++++++++++++-- 2020/9xxx/CVE-2020-9288.json | 50 +++++++++++++++++++-- 16 files changed, 347 insertions(+), 72 deletions(-) create mode 100644 2020/14xxx/CVE-2020-14974.json create mode 100644 2020/14xxx/CVE-2020-14975.json create mode 100644 2020/14xxx/CVE-2020-14976.json create mode 100644 2020/14xxx/CVE-2020-14977.json create mode 100644 2020/14xxx/CVE-2020-14978.json create mode 100644 2020/14xxx/CVE-2020-14979.json diff --git a/2020/13xxx/CVE-2020-13279.json b/2020/13xxx/CVE-2020-13279.json index cc995adc8d6..9a44caea1dd 100644 --- a/2020/13xxx/CVE-2020-13279.json +++ b/2020/13xxx/CVE-2020-13279.json @@ -4,15 +4,86 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13279", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "gitlab-vscode-extension", + "version": { + "version_data": [ + { + "version_value": "<=2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled search path element in gitlab-vscode-extension" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/issues/170", + "url": "https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/issues/170", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13279.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13279.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 8.5, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "GitLab security research team" + } + ] } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13887.json b/2020/13xxx/CVE-2020-13887.json index 84ec43c171b..9ca6325f835 100644 --- a/2020/13xxx/CVE-2020-13887.json +++ b/2020/13xxx/CVE-2020-13887.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13887", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13887", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/projects/kordiledms/files/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/kordiledms/files/" + }, + { + "refsource": "MISC", + "name": "http://hidden-one.co.in/2020/06/17/cve-2020-13887-kordil-edms-through-2-2-60rc3-allows-remote-command-execution/", + "url": "http://hidden-one.co.in/2020/06/17/cve-2020-13887-kordil-edms-through-2-2-60rc3-allows-remote-command-execution/" } ] } diff --git a/2020/14xxx/CVE-2020-14159.json b/2020/14xxx/CVE-2020-14159.json index 3c91e3ea4d5..77f1c5706c5 100644 --- a/2020/14xxx/CVE-2020-14159.json +++ b/2020/14xxx/CVE-2020-14159.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-14159", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14159", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.connectwise.com/company/trust#tab1", - "refsource": "MISC", - "name": "https://www.connectwise.com/company/trust#tab1" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-13983. Reason: This candidate is a duplicate of CVE-2020-13983. Notes: All CVE users should reference CVE-2020-13983 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2020/14xxx/CVE-2020-14974.json b/2020/14xxx/CVE-2020-14974.json new file mode 100644 index 00000000000..0e309d8e878 --- /dev/null +++ b/2020/14xxx/CVE-2020-14974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14975.json b/2020/14xxx/CVE-2020-14975.json new file mode 100644 index 00000000000..49de21006e7 --- /dev/null +++ b/2020/14xxx/CVE-2020-14975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14976.json b/2020/14xxx/CVE-2020-14976.json new file mode 100644 index 00000000000..43c78c46cc7 --- /dev/null +++ b/2020/14xxx/CVE-2020-14976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14977.json b/2020/14xxx/CVE-2020-14977.json new file mode 100644 index 00000000000..4f5de2c2cf4 --- /dev/null +++ b/2020/14xxx/CVE-2020-14977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14978.json b/2020/14xxx/CVE-2020-14978.json new file mode 100644 index 00000000000..29c3b7a1fd8 --- /dev/null +++ b/2020/14xxx/CVE-2020-14978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14979.json b/2020/14xxx/CVE-2020-14979.json new file mode 100644 index 00000000000..9420b00278e --- /dev/null +++ b/2020/14xxx/CVE-2020-14979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4060.json b/2020/4xxx/CVE-2020-4060.json index 556e69b72f3..60dff5a0700 100644 --- a/2020/4xxx/CVE-2020-4060.json +++ b/2020/4xxx/CVE-2020-4060.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption.\n\nThis bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e. the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restarted again.\n\nThe CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication.\n\nThis has been fixed in 2.0.4." + "value": "In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e. the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restarted again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication. This has been fixed in 2.0.4." } ] }, diff --git a/2020/4xxx/CVE-2020-4062.json b/2020/4xxx/CVE-2020-4062.json index 9c09c487b70..04f99ed7aea 100644 --- a/2020/4xxx/CVE-2020-4062.json +++ b/2020/4xxx/CVE-2020-4062.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control.\n\nA malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret.\n\nThis Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected.\n\nTo remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions.\tIf you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. \n\nThe term \"isolated\" refers to:\n\n- No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace.\n- Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC)." + "value": "In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term \"isolated\" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC)." } ] }, diff --git a/2020/4xxx/CVE-2020-4066.json b/2020/4xxx/CVE-2020-4066.json index 5ae57ea5784..5159f5ca1eb 100644 --- a/2020/4xxx/CVE-2020-4066.json +++ b/2020/4xxx/CVE-2020-4066.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.\n\nThis has been patched in 0.95." + "value": "In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95." } ] }, diff --git a/2020/4xxx/CVE-2020-4068.json b/2020/4xxx/CVE-2020-4068.json index 716ad1872e1..a862f3d11eb 100644 --- a/2020/4xxx/CVE-2020-4068.json +++ b/2020/4xxx/CVE-2020-4068.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow.\n\nThis has been fixed in 1.0.1." + "value": "In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1." } ] }, diff --git a/2020/4xxx/CVE-2020-4070.json b/2020/4xxx/CVE-2020-4070.json index dbe90cbffa2..d1e3211d990 100644 --- a/2020/4xxx/CVE-2020-4070.json +++ b/2020/4xxx/CVE-2020-4070.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it.\n\nThis has been patched in commit e5c09a9." + "value": "In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9." } ] }, diff --git a/2020/6xxx/CVE-2020-6644.json b/2020/6xxx/CVE-2020-6644.json index e3092c661c6..3e55bd85c87 100644 --- a/2020/6xxx/CVE-2020-6644.json +++ b/2020/6xxx/CVE-2020-6644.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiDeceptor", + "version": { + "version_data": [ + { + "version_value": "3.0.0 and below" + }, + { + "version_value": "Fixed in 3.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-20-006", + "url": "https://fortiguard.com/advisory/FG-IR-20-006" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks." } ] } diff --git a/2020/9xxx/CVE-2020-9288.json b/2020/9xxx/CVE-2020-9288.json index 87395838b2f..6c224b78b66 100644 --- a/2020/9xxx/CVE-2020-9288.json +++ b/2020/9xxx/CVE-2020-9288.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9288", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWLC", + "version": { + "version_data": [ + { + "version_value": "FortiWLC 8.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-20-016", + "url": "https://fortiguard.com/advisory/FG-IR-20-016" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile." } ] }