From 66e7c4f02dc74619c746fc343fd07bcd2da6c79a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 14 Dec 2020 03:01:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/25xxx/CVE-2020-25812.json | 5 +++ 2020/25xxx/CVE-2020-25813.json | 5 +++ 2020/25xxx/CVE-2020-25814.json | 5 +++ 2020/25xxx/CVE-2020-25815.json | 5 +++ 2020/25xxx/CVE-2020-25827.json | 5 +++ 2020/25xxx/CVE-2020-25828.json | 5 +++ 2020/25xxx/CVE-2020-25869.json | 5 +++ 2020/26xxx/CVE-2020-26120.json | 5 +++ 2020/26xxx/CVE-2020-26121.json | 5 +++ 2020/35xxx/CVE-2020-35234.json | 67 ++++++++++++++++++++++++++++++++++ 2020/35xxx/CVE-2020-35235.json | 67 ++++++++++++++++++++++++++++++++++ 2020/5xxx/CVE-2020-5635.json | 15 ++++++-- 2020/5xxx/CVE-2020-5636.json | 15 ++++++-- 2020/5xxx/CVE-2020-5637.json | 15 ++++++-- 2020/5xxx/CVE-2020-5639.json | 17 ++++++--- 2020/5xxx/CVE-2020-5665.json | 19 +++++++--- 16 files changed, 238 insertions(+), 22 deletions(-) create mode 100644 2020/35xxx/CVE-2020-35234.json create mode 100644 2020/35xxx/CVE-2020-35235.json diff --git a/2020/25xxx/CVE-2020-25812.json b/2020/25xxx/CVE-2020-25812.json index eeca773e27e..21874936a4b 100644 --- a/2020/25xxx/CVE-2020-25812.json +++ b/2020/25xxx/CVE-2020-25812.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/25xxx/CVE-2020-25813.json b/2020/25xxx/CVE-2020-25813.json index f81839e3a0c..55bc86c018e 100644 --- a/2020/25xxx/CVE-2020-25813.json +++ b/2020/25xxx/CVE-2020-25813.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/25xxx/CVE-2020-25814.json b/2020/25xxx/CVE-2020-25814.json index 2e992e868f1..785fb59d725 100644 --- a/2020/25xxx/CVE-2020-25814.json +++ b/2020/25xxx/CVE-2020-25814.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/25xxx/CVE-2020-25815.json b/2020/25xxx/CVE-2020-25815.json index 697efa67bdd..807d3f5e8f7 100644 --- a/2020/25xxx/CVE-2020-25815.json +++ b/2020/25xxx/CVE-2020-25815.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/25xxx/CVE-2020-25827.json b/2020/25xxx/CVE-2020-25827.json index e3d9ccb7245..535eb5cc221 100644 --- a/2020/25xxx/CVE-2020-25827.json +++ b/2020/25xxx/CVE-2020-25827.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/25xxx/CVE-2020-25828.json b/2020/25xxx/CVE-2020-25828.json index a3f7a9669e8..7d5c7af7fe4 100644 --- a/2020/25xxx/CVE-2020-25828.json +++ b/2020/25xxx/CVE-2020-25828.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/25xxx/CVE-2020-25869.json b/2020/25xxx/CVE-2020-25869.json index f506de9da0b..a06aa876d34 100644 --- a/2020/25xxx/CVE-2020-25869.json +++ b/2020/25xxx/CVE-2020-25869.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html", "url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/26xxx/CVE-2020-26120.json b/2020/26xxx/CVE-2020-26120.json index bfed7a3b2df..ecbda1df38b 100644 --- a/2020/26xxx/CVE-2020-26120.json +++ b/2020/26xxx/CVE-2020-26120.json @@ -61,6 +61,11 @@ "url": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea", "refsource": "MISC", "name": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/26xxx/CVE-2020-26121.json b/2020/26xxx/CVE-2020-26121.json index 16101f4a425..92ef0f3f77a 100644 --- a/2020/26xxx/CVE-2020-26121.json +++ b/2020/26xxx/CVE-2020-26121.json @@ -66,6 +66,11 @@ "url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b", "refsource": "MISC", "name": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a4802c53d9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/" } ] } diff --git a/2020/35xxx/CVE-2020-35234.json b/2020/35xxx/CVE-2020-35234.json new file mode 100644 index 00000000000..b7947b4a3f6 --- /dev/null +++ b/2020/35xxx/CVE-2020-35234.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-35234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/", + "refsource": "MISC", + "name": "https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/" + }, + { + "url": "https://wordpress.org/plugins/easy-wp-smtp/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/easy-wp-smtp/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35235.json b/2020/35xxx/CVE-2020-35235.json new file mode 100644 index 00000000000..0b199a385c0 --- /dev/null +++ b/2020/35xxx/CVE-2020-35235.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-35235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.nintechnet.com/authenticated-rce-vulnerability-in-wordpress-secure-file-manager-plugin-unpatched/", + "refsource": "MISC", + "name": "https://blog.nintechnet.com/authenticated-rce-vulnerability-in-wordpress-secure-file-manager-plugin-unpatched/" + }, + { + "url": "https://wordpress.org/plugins/secure-file-manager/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/secure-file-manager/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5635.json b/2020/5xxx/CVE-2020-5635.json index b01f3479ec1..2a21a222831 100644 --- a/2020/5xxx/CVE-2020-5635.json +++ b/2020/5xxx/CVE-2020-5635.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5635", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,13 +45,19 @@ "references": { "reference_data": [ { - "url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html" + "url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html", + "refsource": "MISC", + "name": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html" }, { - "url": "https://jvn.jp/en/jp/JVN55917325/index.html" + "url": "https://jvn.jp/en/jp/JVN55917325/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN55917325/index.html" }, { - "url": "https://jvn.jp/jp/JVN55917325/index.html" + "url": "https://jvn.jp/jp/JVN55917325/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN55917325/index.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5636.json b/2020/5xxx/CVE-2020-5636.json index 5ba1a5a9ccd..f9b90834cbc 100644 --- a/2020/5xxx/CVE-2020-5636.json +++ b/2020/5xxx/CVE-2020-5636.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5636", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,13 +45,19 @@ "references": { "reference_data": [ { - "url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html" + "url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html", + "refsource": "MISC", + "name": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html" }, { - "url": "https://jvn.jp/en/jp/JVN55917325/index.html" + "url": "https://jvn.jp/en/jp/JVN55917325/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN55917325/index.html" }, { - "url": "https://jvn.jp/jp/JVN55917325/index.html" + "url": "https://jvn.jp/jp/JVN55917325/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN55917325/index.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5637.json b/2020/5xxx/CVE-2020-5637.json index 9df6726d388..4f7ac86c51d 100644 --- a/2020/5xxx/CVE-2020-5637.json +++ b/2020/5xxx/CVE-2020-5637.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5637", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,13 +45,19 @@ "references": { "reference_data": [ { - "url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html" + "url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html", + "refsource": "MISC", + "name": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html" }, { - "url": "https://jvn.jp/en/jp/JVN55917325/index.html" + "url": "https://jvn.jp/en/jp/JVN55917325/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN55917325/index.html" }, { - "url": "https://jvn.jp/jp/JVN55917325/index.html" + "url": "https://jvn.jp/jp/JVN55917325/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN55917325/index.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5639.json b/2020/5xxx/CVE-2020-5639.json index efaa6685edc..fa99ee1f07f 100644 --- a/2020/5xxx/CVE-2020-5639.json +++ b/2020/5xxx/CVE-2020-5639.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5639", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,13 +45,19 @@ "references": { "reference_data": [ { - "url": "https://www.soliton.co.jp/support/2020/004278.html" + "url": "https://www.soliton.co.jp/support/2020/004278.html", + "refsource": "MISC", + "name": "https://www.soliton.co.jp/support/2020/004278.html" }, { - "url": "https://jvn.jp/en/jp/JVN12884935/index.html" + "url": "https://jvn.jp/en/jp/JVN12884935/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN12884935/index.html" }, { - "url": "https://jvn.jp/jp/JVN12884935/index.html" + "url": "https://jvn.jp/jp/JVN12884935/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN12884935/index.html" } ] }, @@ -58,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed." + "value": "Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed." } ] } diff --git a/2020/5xxx/CVE-2020-5665.json b/2020/5xxx/CVE-2020-5665.json index 0fb7b518aee..0c8f04a2b95 100644 --- a/2020/5xxx/CVE-2020-5665.json +++ b/2020/5xxx/CVE-2020-5665.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5665", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,16 +45,24 @@ "references": { "reference_data": [ { - "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01" + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01", + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-345-01" }, { - "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-018_en.pdf" + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-018_en.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-018_en.pdf" }, { - "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf" + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-018.pdf" }, { - "url": "https://jvn.jp/vu/JVNVU95638588/index.html" + "url": "https://jvn.jp/vu/JVNVU95638588/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU95638588/index.html" } ] },