diff --git a/2020/24xxx/CVE-2020-24571.json b/2020/24xxx/CVE-2020-24571.json new file mode 100644 index 00000000000..8e4c17f0b34 --- /dev/null +++ b/2020/24xxx/CVE-2020-24571.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371", + "refsource": "MISC", + "name": "https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24572.json b/2020/24xxx/CVE-2020-24572.json new file mode 100644 index 00000000000..f9f2169e7b0 --- /dev/null +++ b/2020/24xxx/CVE-2020-24572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-24572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24573.json b/2020/24xxx/CVE-2020-24573.json new file mode 100644 index 00000000000..3aad8343224 --- /dev/null +++ b/2020/24xxx/CVE-2020-24573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-24573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24574.json b/2020/24xxx/CVE-2020-24574.json new file mode 100644 index 00000000000..66841c00ff6 --- /dev/null +++ b/2020/24xxx/CVE-2020-24574.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-24574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based \"trusted client\" protection mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gog.com/galaxy", + "refsource": "MISC", + "name": "https://www.gog.com/galaxy" + }, + { + "url": "https://www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce/", + "refsource": "MISC", + "name": "https://www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce/" + }, + { + "url": "https://github.com/jtesta/gog_galaxy_client_service_poc", + "refsource": "MISC", + "name": "https://github.com/jtesta/gog_galaxy_client_service_poc" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24575.json b/2020/24xxx/CVE-2020-24575.json new file mode 100644 index 00000000000..ebca22e1172 --- /dev/null +++ b/2020/24xxx/CVE-2020-24575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-24575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24576.json b/2020/24xxx/CVE-2020-24576.json new file mode 100644 index 00000000000..d846d016337 --- /dev/null +++ b/2020/24xxx/CVE-2020-24576.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-24576", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file