diff --git a/2019/17xxx/CVE-2019-17570.json b/2019/17xxx/CVE-2019-17570.json
index 4c3f1462a5e..46d9c3b794c 100644
--- a/2019/17xxx/CVE-2019-17570.json
+++ b/2019/17xxx/CVE-2019-17570.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-1d0635bd71",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3QCRLJYQRGVTIYF4BXYRFSF3ONP3TBF/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4496-1",
+ "url": "https://usn.ubuntu.com/4496-1/"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10718.json b/2020/10xxx/CVE-2020-10718.json
index df870ccc362..43580dccccf 100644
--- a/2020/10xxx/CVE-2020-10718.json
+++ b/2020/10xxx/CVE-2020-10718.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-10718",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wildfly",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before wildfly-embedded-13.0.0.Final"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Exposed Dangerous Method or Function"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality."
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13259.json b/2020/13xxx/CVE-2020-13259.json
index f792d6c61d5..c5a80ed3339 100644
--- a/2020/13xxx/CVE-2020-13259.json
+++ b/2020/13xxx/CVE-2020-13259.json
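Review bot: The new `affects` block leaves `"vendor_name": "n/a"` even though the record names the product as Wildfly and the assigner is secalert@redhat.com, so consumers that match advisories by vendor will not find it; the CVE-2020-1694 and CVE-2020-6146 hunks have the same gap. A populated value such as `"vendor_name": "Red Hat"` (to be confirmed by the CNA) would close it. The `problemtype` value is the title of CWE-749 without its identifier; `"value": "CWE-749: Exposed Dangerous Method or Function"` lets tooling map the weakness without string matching.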
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13259",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13259",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2020090064",
+ "url": "https://cxsecurity.com/issue/WLB-2020090064"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "48809",
+ "url": "https://www.exploit-db.com/exploits/48809"
 }
 ]
 }
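Review bot: Every field under `affects` is `n/a` and the `problemtype` value is `n/a`, while the description in the same hunk names RAD SecFlow-1v os-image SF_0290_2.3.01.26 and a CSRF weakness, so asset matching and CWE-based triage cannot pick this record up from its structured fields. I would fill them from the description: `"vendor_name": "RAD"`, `"product_name": "SecFlow-1v"`, `"version_value": "SF_0290_2.3.01.26"`, and `"value": "CWE-352"` for the problem type. This matters more than usual here because the reference list includes a public exploit entry, which is the kind of record defenders want surfaced automatically for prioritisation.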
diff --git a/2020/1xxx/CVE-2020-1472.json b/2020/1xxx/CVE-2020-1472.json
index 72e87768a27..eb3b4f491f1 100644
--- a/2020/1xxx/CVE-2020-1472.json
+++ b/2020/1xxx/CVE-2020-1472.json
@@ -181,6 +181,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html",
 "url": "http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html"
+ },
+ {
+ "refsource": "CERT-VN",
+ "name": "VU#490028",
+ "url": "https://www.kb.cert.org/vuls/id/490028"
 }
 ]
 }
diff --git a/2020/1xxx/CVE-2020-1694.json b/2020/1xxx/CVE-2020-1694.json
index 82012ae14b2..cfb4fe44c67 100644
--- a/2020/1xxx/CVE-2020-1694.json
+++ b/2020/1xxx/CVE-2020-1694.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1694",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions before 10.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-183"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions."
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24891.json b/2020/24xxx/CVE-2020-24891.json
index c301ae3ff1b..b5abbdca2a3 100644
--- a/2020/24xxx/CVE-2020-24891.json
+++ b/2020/24xxx/CVE-2020-24891.json
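Review bot: `"version_value": "all versions before 10.0.0"` is free text that version-range matchers cannot evaluate; the CVE-2020-6781 record in this same commit expresses such a bound as `"version_affected": "<"` with a bare `version_value`, and `"version_affected": "<", "version_value": "10.0.0"` would work here (the CVE-2020-10718 hunk has the same free-text bound). The description places the flaw in the NodeJS adapter, but `product_name` is just `keycloak`, so readers may conclude the server itself is affected; naming the adapter as the product would avoid mis-scoping. `CWE-183` looks like a loose fit for a missing token-audience check, which is worth confirming with the CNA.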
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2020-24891",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-24891",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A null pointer dereference in TIFFReadRawDataTiled at tiffinfo.c in tiffinfo version 4.1.0 may cause context-dependent arbitrary code execution."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://gitlab.com/libtiff/libtiff/-/issues/210",
- "refsource": "MISC",
- "name": "https://gitlab.com/libtiff/libtiff/-/issues/210"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25624.json b/2020/25xxx/CVE-2020-25624.json
new file mode 100644
index 00000000000..9e70211053e
--- /dev/null
+++ b/2020/25xxx/CVE-2020-25624.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-25624",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/25xxx/CVE-2020-25625.json b/2020/25xxx/CVE-2020-25625.json
new file mode 100644
index 00000000000..a67ba68a48f
--- /dev/null
+++ b/2020/25xxx/CVE-2020-25625.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-25625",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/6xxx/CVE-2020-6146.json b/2020/6xxx/CVE-2020-6146.json
index d0ece270f60..5c1f4de942a 100644
--- a/2020/6xxx/CVE-2020-6146.json
+++ b/2020/6xxx/CVE-2020-6146.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6146",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nitro Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Nitro Pro 13.13.2.242, Nitro Pro 13.16.2.300"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1084",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1084"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6781.json b/2020/6xxx/CVE-2020-6781.json
index a918269526b..b4ea2105119 100644
--- a/2020/6xxx/CVE-2020-6781.json
+++ b/2020/6xxx/CVE-2020-6781.json
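Review bot: `"value": "remote code execution"` under `problemtype` names an impact rather than a weakness; the description in this hunk states a heap-based buffer overflow, so `"value": "CWE-122: Heap-based Buffer Overflow"` would be the accurate entry. `version_value` also packs two builds into one string (`"Nitro Pro 13.13.2.242, Nitro Pro 13.16.2.300"`); one `version_data` object per build, without the repeated product name, is easier to match against an inventory. The record lists the two affected builds only and gives no fixed version, so consumers should not infer from it that other builds are unaffected.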
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2020-08-25T00:00:00.000Z",
 "ID": "CVE-2020-6781",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Improper Certificate Validation in Bosch Smart Home System App for iOS"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Smart Home",
+ "version": {
+ "version_data": [
+ {
+ "platform": "iOS",
+ "version_affected": "<",
+ "version_value": "9.17.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Bosch"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack."
}
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-295 Improper Certificate Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-347336.html",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-347336.html"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "BOSCH-SA-347336",
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
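Review bot: The CVSS block sets `"integrityImpact": "HIGH"`, but the description only speaks of intercepting video contents, which is a confidentiality effect, so the structured score and the prose disagree about what an on-path attacker can do. Either the description should say that the traffic can also be modified, or the vector should be checked against advisory BOSCH-SA-347336. The base score of 6.8 is consistent with the vector string as written, so only the integrity component needs confirming.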