diff --git a/2018/7xxx/CVE-2018-7638.json b/2018/7xxx/CVE-2018-7638.json
index f68ac08cde3..3433f331541 100644
--- a/2018/7xxx/CVE-2018-7638.json
+++ b/2018/7xxx/CVE-2018-7638.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7640.json b/2018/7xxx/CVE-2018-7640.json
index 52fdb491a88..ced2244c005 100644
--- a/2018/7xxx/CVE-2018-7640.json
+++ b/2018/7xxx/CVE-2018-7640.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7641.json b/2018/7xxx/CVE-2018-7641.json
index 87faf5cea39..496c00ca389 100644
--- a/2018/7xxx/CVE-2018-7641.json
+++ b/2018/7xxx/CVE-2018-7641.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010174.json b/2019/1010xxx/CVE-2019-1010174.json
index d4600b7c2e4..5db9eba6c38 100644
--- a/2019/1010xxx/CVE-2019-1010174.json
+++ b/2019/1010xxx/CVE-2019-1010174.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190928 [SECURITY] [DLA 1934-1] cimg security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2421-1] cimg security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10894.json b/2019/10xxx/CVE-2019-10894.json
index 4e00bf1a69e..d570f40ab23 100644
--- a/2019/10xxx/CVE-2019-10894.json
+++ b/2019/10xxx/CVE-2019-10894.json
@@ -106,6 +106,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0362",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10895.json b/2019/10xxx/CVE-2019-10895.json
index e11cb1753fe..c9c04694a03 100644
--- a/2019/10xxx/CVE-2019-10895.json
+++ b/2019/10xxx/CVE-2019-10895.json
@@ -116,6 +116,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0362",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10896.json b/2019/10xxx/CVE-2019-10896.json
index 1b21411170c..a233594be4f 100644
--- a/2019/10xxx/CVE-2019-10896.json
+++ b/2019/10xxx/CVE-2019-10896.json
@@ -101,6 +101,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0362",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10899.json b/2019/10xxx/CVE-2019-10899.json
index 30311fe9fc4..be99d43e5a0 100644
--- a/2019/10xxx/CVE-2019-10899.json
+++ b/2019/10xxx/CVE-2019-10899.json
@@ -106,6 +106,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0362",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10901.json b/2019/10xxx/CVE-2019-10901.json
index da478c6f828..fbdcab5cd38 100644
--- a/2019/10xxx/CVE-2019-10901.json
+++ b/2019/10xxx/CVE-2019-10901.json
@@ -106,6 +106,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0362",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10903.json b/2019/10xxx/CVE-2019-10903.json
index fc62347739e..d505b65cc85 100644
--- a/2019/10xxx/CVE-2019-10903.json
+++ b/2019/10xxx/CVE-2019-10903.json
@@ -106,6 +106,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0362",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12295.json b/2019/12xxx/CVE-2019-12295.json
index 4eb5f195af9..11d5f9f4676 100644
--- a/2019/12xxx/CVE-2019-12295.json
+++ b/2019/12xxx/CVE-2019-12295.json
@@ -86,6 +86,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K06725231?utm_source=f5support&utm_medium=RSS",
 "url": "https://support.f5.com/csp/article/K06725231?utm_source=f5support&utm_medium=RSS"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11117.json b/2020/11xxx/CVE-2020-11117.json
index 43c10862b65..41ba0cf3f07 100644
--- a/2020/11xxx/CVE-2020-11117.json
+++ b/2020/11xxx/CVE-2020-11117.json
@@ -1,62 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "product-security@qualcomm.com",
- "ID": "CVE-2020-11117",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking",
- "version": {
- "version_data": [
- {
- "version_value": "IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Qualcomm, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Command Injection Vulnerability in lbd service"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2020-11117",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
- "refsource": "CONFIRM",
- "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
- }
- ]
- }
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection Vulnerability in lbd service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065"
+ }
+ ]
+ }
 }
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11853.json b/2020/11xxx/CVE-2020-11853.json
index c984c025ac2..81d3ee472e1 100644
--- a/2020/11xxx/CVE-2020-11853.json
+++ b/2020/11xxx/CVE-2020-11853.json
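Review bot: In the CVE-2020-11117.json hunk, the description `value` on the new side still starts with `u'` and closes the quoted sentence with `'` before "in Snapdragon Connectivity", which looks like a Python unicode-literal repr that leaked into the record. The commit rewrites every line of the file yet carries this wrapper over unchanged, so anything that displays or string-matches the description sees the stray quoting. I would drop the wrapper so the value begins `"value": "In the lbd service, an external user can issue …`. The same record labels the problem type "Command Injection Vulnerability in lbd service" while the description talks about overwriting arbitrary files; that mismatch presumably has to be settled with the assigner.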
@@ -225,7 +225,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow remote attackers to execute arbitrary code."
+ "value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11993.json b/2020/11xxx/CVE-2020-11993.json
index 34b623a6f7f..bc96fe85325 100644
--- a/2020/11xxx/CVE-2020-11993.json
+++ b/2020/11xxx/CVE-2020-11993.json
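Review bot: In the CVE-2020-11853.json hunk, the rewritten last sentence of the description, "The vulnerability could allow to execute arbitrary code.", no longer says who can trigger the issue, where the old text read "could allow remote attackers to execute arbitrary code". That removes the only statement of attack vector visible in this description, which readers and triage tooling rely on to judge remote exposure, and it leaves the sentence ungrammatical. Unless the assigner meant to withdraw the "remote" claim, I would keep the subject: `The vulnerability could allow remote attackers to execute arbitrary code.`; if the vector is in doubt, `could allow an attacker to execute arbitrary code` still reads correctly. Only the description is in the hunk, so any impact or scoring data elsewhere in the file is not visible here.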
@@ -108,6 +108,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200814-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20200814-0005/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1792",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14779.json b/2020/14xxx/CVE-2020-14779.json
index 7d5f108fa0e..9248d37c7bf 100644
--- a/2020/14xxx/CVE-2020-14779.json
+++ b/2020/14xxx/CVE-2020-14779.json
@@ -101,6 +101,26 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-febe36c3ac",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-421f817e5f",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-a405eea76a",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2020-fdc79d8e5b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15276.json b/2020/15xxx/CVE-2020-15276.json
index 08a36ddd703..bd19558d3b1 100644
--- a/2020/15xxx/CVE-2020-15276.json
+++ b/2020/15xxx/CVE-2020-15276.json
@@ -69,6 +69,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "name": "https://basercms.net/security/20201029",
+ "refsource": "MISC",
+ "url": "https://basercms.net/security/20201029"
+ },
 {
 "name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg",
 "refsource": "CONFIRM",
@@ -78,11 +83,6 @@
 "name": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54",
 "refsource": "MISC",
 "url": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54"
- },
- {
- "name": "https://basercms.net/security/20201029",
- "refsource": "MISC",
- "url": "https://basercms.net/security/20201029"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15673.json b/2020/15xxx/CVE-2020-15673.json
index db4d9f49506..10a3d64229c 100644
--- a/2020/15xxx/CVE-2020-15673.json
+++ b/2020/15xxx/CVE-2020-15673.json
@@ -101,6 +101,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202010-02",
 "url": "https://security.gentoo.org/glsa/202010-02"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1780",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15676.json b/2020/15xxx/CVE-2020-15676.json
index 61e285c97b9..03baf97a671 100644
--- a/2020/15xxx/CVE-2020-15676.json
+++ b/2020/15xxx/CVE-2020-15676.json
@@ -101,6 +101,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202010-02",
 "url": "https://security.gentoo.org/glsa/202010-02"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1780",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15677.json b/2020/15xxx/CVE-2020-15677.json
index 13f0c8d9517..f5deb5e3285 100644
--- a/2020/15xxx/CVE-2020-15677.json
+++ b/2020/15xxx/CVE-2020-15677.json
@@ -101,6 +101,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202010-02",
 "url": "https://security.gentoo.org/glsa/202010-02"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1780",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15678.json b/2020/15xxx/CVE-2020-15678.json
index b27176ec862..7aa98aeb776 100644
--- a/2020/15xxx/CVE-2020-15678.json
+++ b/2020/15xxx/CVE-2020-15678.json
@@ -101,6 +101,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202010-02",
 "url": "https://security.gentoo.org/glsa/202010-02"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1780",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15683.json b/2020/15xxx/CVE-2020-15683.json
index d11682b130d..d52167e4b01 100644
--- a/2020/15xxx/CVE-2020-15683.json
+++ b/2020/15xxx/CVE-2020-15683.json
@@ -111,6 +111,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202010-08",
 "url": "https://security.gentoo.org/glsa/202010-08"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1780",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html"
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25637.json b/2020/25xxx/CVE-2020-25637.json
index 14523ca07b8..31155b2adf3 100644
--- a/2020/25xxx/CVE-2020-25637.json
+++ b/2020/25xxx/CVE-2020-25637.json
@@ -48,6 +48,16 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1778",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1777",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html"
 }
 ]
 },
diff --git a/2020/26xxx/CVE-2020-26575.json b/2020/26xxx/CVE-2020-26575.json
index 38f87d72216..bdd11d07202 100644
--- a/2020/26xxx/CVE-2020-26575.json
+++ b/2020/26xxx/CVE-2020-26575.json
@@ -81,6 +81,11 @@
 "url": "https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab",
 "refsource": "MISC",
 "name": "https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.wireshark.org/security/wnpa-sec-2020-14.html",
+ "url": "https://www.wireshark.org/security/wnpa-sec-2020-14.html"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27014.json b/2020/27xxx/CVE-2020-27014.json
index 6290d78d295..25d95975e63 100644
--- a/2020/27xxx/CVE-2020-27014.json
+++ b/2020/27xxx/CVE-2020-27014.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
+ "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\\n\\n\\r\\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
 }
 ]
 },
diff --git a/2020/27xxx/CVE-2020-27533.json b/2020/27xxx/CVE-2020-27533.json
index 5c60f5fb41b..f3f1943895c 100644
--- a/2020/27xxx/CVE-2020-27533.json
+++ b/2020/27xxx/CVE-2020-27533.json
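Review bot: In the CVE-2020-27014.json hunk, the new description value embeds `\\n\\n\\r\\n` between its two sentences; with the backslashes escaped as shown, a JSON parser yields the literal characters `\n\n\r\n` in the text rather than line breaks, so feeds and UIs that render the description will print them verbatim. The old value separated the sentences with a single space, which I would keep: `... kernel panic or crash. An attacker must first obtain ...`. The same value still reads "could allow an attacker to case a kernel panic", presumably meant as "cause", and the commit leaves that untouched.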
@@ -56,6 +56,11 @@
 "url": "https://github.com/dedetech/issues/issues/16",
 "refsource": "MISC",
 "name": "https://github.com/dedetech/issues/issues/16"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159772/DedeCMS-5.8-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/159772/DedeCMS-5.8-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28007.json b/2020/28xxx/CVE-2020-28007.json
new file mode 100644
index 00000000000..872850bf6ff
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28007.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28007",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28008.json b/2020/28xxx/CVE-2020-28008.json
new file mode 100644
index 00000000000..0051cff5aee
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28008.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28008",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28009.json b/2020/28xxx/CVE-2020-28009.json
new file mode 100644
index 00000000000..4eb88944241
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28009.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28009",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28010.json b/2020/28xxx/CVE-2020-28010.json
new file mode 100644
index 00000000000..aeaeb84507f
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28010.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28010",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28011.json b/2020/28xxx/CVE-2020-28011.json
new file mode 100644
index 00000000000..f36ca2409f4
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28011.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28011",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28012.json b/2020/28xxx/CVE-2020-28012.json
new file mode 100644
index 00000000000..bee5e22cc5e
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28012.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28012",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28013.json b/2020/28xxx/CVE-2020-28013.json
new file mode 100644
index 00000000000..82a35f1b7b1
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28013.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28013",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28014.json b/2020/28xxx/CVE-2020-28014.json
new file mode 100644
index 00000000000..27fc76fd56e
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28014.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28014",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28015.json b/2020/28xxx/CVE-2020-28015.json
new file mode 100644
index 00000000000..aafc4b97068
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28015.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28015",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28016.json b/2020/28xxx/CVE-2020-28016.json
new file mode 100644
index 00000000000..8e1100d7b48
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28016.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28016",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28017.json b/2020/28xxx/CVE-2020-28017.json
new file mode 100644
index 00000000000..f8920e21a4b
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28017.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28017",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28018.json b/2020/28xxx/CVE-2020-28018.json
new file mode 100644
index 00000000000..f97c4231eb5
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28018.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28018",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28019.json b/2020/28xxx/CVE-2020-28019.json
new file mode 100644
index 00000000000..e8bf9a45502
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28019.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28019",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28020.json b/2020/28xxx/CVE-2020-28020.json
new file mode 100644
index 00000000000..427994b1a4f
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28020.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28020",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28021.json b/2020/28xxx/CVE-2020-28021.json
new file mode 100644
index 00000000000..7031bc65580
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28021.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28021",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28022.json b/2020/28xxx/CVE-2020-28022.json
new file mode 100644
index 00000000000..b02c50cdf49
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28022.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28022",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28023.json b/2020/28xxx/CVE-2020-28023.json
new file mode 100644
index 00000000000..7eb0c22ecf8
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28023.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28023",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28024.json b/2020/28xxx/CVE-2020-28024.json
new file mode 100644
index 00000000000..a9cf6fda18c
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28024.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28024",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28025.json b/2020/28xxx/CVE-2020-28025.json
new file mode 100644
index 00000000000..ffdf84a7e52
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28025.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28025",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28026.json b/2020/28xxx/CVE-2020-28026.json
new file mode 100644
index 00000000000..1c32d4c1b5b
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28026.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28027.json b/2020/28xxx/CVE-2020-28027.json new file mode 100644 index 00000000000..feb8bc4d4c6 --- /dev/null +++ b/2020/28xxx/CVE-2020-28027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28028.json b/2020/28xxx/CVE-2020-28028.json new file mode 100644 index 00000000000..db6d8c856b0 --- /dev/null +++ b/2020/28xxx/CVE-2020-28028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/28xxx/CVE-2020-28029.json b/2020/28xxx/CVE-2020-28029.json new file mode 100644 index 00000000000..a90155754c2 --- /dev/null +++ b/2020/28xxx/CVE-2020-28029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28030.json b/2020/28xxx/CVE-2020-28030.json new file mode 100644 index 00000000000..1231c986758 --- /dev/null +++ b/2020/28xxx/CVE-2020-28030.json 
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28030",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/wireshark/wireshark/-/issues/16887",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/wireshark/wireshark/-/issues/16887"
+ },
+ {
+ "url": "https://www.wireshark.org/security/wnpa-sec-2020-15.html",
+ "refsource": "MISC",
+ "name": "https://www.wireshark.org/security/wnpa-sec-2020-15.html"
+ },
+ {
+ "url": "https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28031.json b/2020/28xxx/CVE-2020-28031.json
new file mode 100644
index 00000000000..7a06a4b8a3b
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28031.json
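Review bot: The `affects` block of CVE-2020-28030 carries `n/a` for `vendor_name`, `product_name` and `version_value` even though the description names Wireshark 3.2.0 to 3.2.7, so tooling that matches on the structured fields cannot tie this record to an installed product. The same applies to the new records CVE-2020-28031 through CVE-2020-28040 in this diff, whose descriptions name eramba and WordPress. I would fill the fields from the description, for example `"product_name": "Wireshark"` and `"version_value": "3.2.0 to 3.2.7"`.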
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28031",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://discussions.eramba.org/t/bug-injectable-host-header-security-issue/1719",
+ "refsource": "MISC",
+ "name": "https://discussions.eramba.org/t/bug-injectable-host-header-security-issue/1719"
+ },
+ {
+ "url": "https://www.eramba.org/releases",
+ "refsource": "MISC",
+ "name": "https://www.eramba.org/releases"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28032.json b/2020/28xxx/CVE-2020-28032.json
new file mode 100644
index 00000000000..36ac69d8791
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28032.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28032",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ },
+ {
+ "url": "https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3",
+ "refsource": "MISC",
+ "name": "https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/10446",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/10446"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28033.json b/2020/28xxx/CVE-2020-28033.json
new file mode 100644
index 00000000000..fa16a02f140
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28033.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28033",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28034.json b/2020/28xxx/CVE-2020-28034.json
new file mode 100644
index 00000000000..876e03e11b4
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28034.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28034",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WordPress before 5.5.2 allows XSS associated with global variables."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28035.json b/2020/28xxx/CVE-2020-28035.json
new file mode 100644
index 00000000000..906c1816f62
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28035.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28035",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28036.json b/2020/28xxx/CVE-2020-28036.json
new file mode 100644
index 00000000000..bdba68348ba
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28036.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28036",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ },
+ {
+ "url": "https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32",
+ "refsource": "MISC",
+ "name": "https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/10449",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/10449"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28037.json b/2020/28xxx/CVE-2020-28037.json
new file mode 100644
index 00000000000..68ae438a9b5
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28037.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28037",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ },
+ {
+ "url": "https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c",
+ "refsource": "MISC",
+ "name": "https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/10450",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/10450"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28038.json b/2020/28xxx/CVE-2020-28038.json
new file mode 100644
index 00000000000..c5ff08773a5
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28038.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28038",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WordPress before 5.5.2 allows stored XSS via post slugs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ },
+ {
+ "url": "https://blog.ripstech.com",
+ "refsource": "MISC",
+ "name": "https://blog.ripstech.com"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28039.json b/2020/28xxx/CVE-2020-28039.json
new file mode 100644
index 00000000000..cc27525c06a
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28039.json
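Review bot: The second reference of CVE-2020-28038, `https://blog.ripstech.com`, is the front page of a blog rather than a write-up of this issue, so it does not back the stored-XSS claim and will show unrelated content as the blog changes. Replace both `url` and `name` with the permalink of the specific post, e.g. `"url": "<permalink of the post covering this issue>"`, or drop the entry if no such post exists.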
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28039",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/10452",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/10452"
+ },
+ {
+ "url": "https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad",
+ "refsource": "MISC",
+ "name": "https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28040.json b/2020/28xxx/CVE-2020-28040.json
new file mode 100644
index 00000000000..acfba78d88a
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28040.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28040",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WordPress before 5.5.2 allows CSRF attacks that change a theme's background image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"
+ },
+ {
+ "url": "https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html",
+ "refsource": "MISC",
+ "name": "https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5425.json b/2020/5xxx/CVE-2020-5425.json
index ad4a84b868d..02382edeb36 100644
--- a/2020/5xxx/CVE-2020-5425.json
+++ b/2020/5xxx/CVE-2020-5425.json
@@ -51,7 +51,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions.\n\nNote: Foundation may be vulnerable only if:\n1) The system zone is set up to use a SAML identity provider\n2) There are internal users that have the same username as users in the external SAML provider\n3) Those duplicate-named users have the scope to access the SSO operator dashboard\n4) The vulnerability doesn't appear with LDAP because of chained authentication.\n"
+ "value": "Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication."
 }
 ]
 },
diff --git a/2020/8xxx/CVE-2020-8173.json b/2020/8xxx/CVE-2020-8173.json
index c559e02f2ab..f6662a76c68 100644
--- a/2020/8xxx/CVE-2020-8173.json
+++ b/2020/8xxx/CVE-2020-8173.json
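Review bot: The new description for CVE-2020-5425 still reads `1.11.3 ,1.12.x` and `attack.If`, and with the `\n` separators removed the four numbered items run together in one sentence. Item 4 (the issue does not appear with LDAP) is an exception rather than a precondition, yet it is numbered with the preconditions, which makes it harder for an operator to decide whether a foundation is exposed. I would fix the spacing (`prior to 1.11.3, 1.12.x versions` and `attack. If two users`), separate the three conditions with semicolons, and move the LDAP remark into its own sentence. The enclosing `description` object starts outside the hunk.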
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8173",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "18.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cryptographic Issues - Generic (CWE-310)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/852841",
+ "url": "https://hackerone.com/reports/852841"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-023",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-023"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8183.json b/2020/8xxx/CVE-2020-8183.json
index 4f60b819928..7f9809304a1 100644
--- a/2020/8xxx/CVE-2020-8183.json
+++ b/2020/8xxx/CVE-2020-8183.json
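Review bot: `"vendor_name": "n/a"` in CVE-2020-8173 sits next to `"product_name": "Nextcloud Server"`, so the vendor is known but not recorded and vendor-keyed lookups will miss the record; the hunks for CVE-2020-8183 and CVE-2020-8236 do the same. I would set `"vendor_name": "Nextcloud"` in all three. The record's top-level object starts and ends outside the hunk.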
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8183",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "19.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Plaintext Storage of a Password (CWE-256)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-026",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-026"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/885041",
+ "url": "https://hackerone.com/reports/885041"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8236.json b/2020/8xxx/CVE-2020-8236.json
index f08ace73fc5..290fe8a83ca 100644
--- a/2020/8xxx/CVE-2020-8236.json
+++ b/2020/8xxx/CVE-2020-8236.json
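Review bot: In CVE-2020-8183 the structured `"version_value": "19.0.1"` disagrees with the description, which places the flaw in Nextcloud Server 19.0.0; the CVE-2020-8236 hunk has the same gap (`19.0.2` in the field against 19.0.1 in the text). Presumably the field holds the fixed release, but a scanner that reads `version_value` as the affected version would flag patched installs and pass vulnerable ones. Make the field say what it means, for example `"version_value": "Fixed in 19.0.1"`, or put the affected version there so it matches the description.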
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8236",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nextcloud Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "19.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication - Generic (CWE-287)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/924393",
+ "url": "https://hackerone.com/reports/924393"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-037",
+ "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-037"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9490.json b/2020/9xxx/CVE-2020-9490.json
index fb40cf966d6..165059e7c7f 100644
--- a/2020/9xxx/CVE-2020-9490.json
+++ b/2020/9xxx/CVE-2020-9490.json
@@ -108,6 +108,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200814-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20200814-0005/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1792",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html"
 }
 ]
 },