diff --git a/2017/15xxx/CVE-2017-15672.json b/2017/15xxx/CVE-2017-15672.json index db9037a2516..45f2fdf29aa 100644 --- a/2017/15xxx/CVE-2017-15672.json +++ b/2017/15xxx/CVE-2017-15672.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read." + "value": "The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read." } ] }, @@ -76,6 +76,11 @@ "name": "DSA-4049", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4049" + }, + { + "refsource": "MISC", + "name": "https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708", + "url": "https://github.com/FFmpeg/FFmpeg/commit/d893253fcd93d11258e98857175e93be7d158708" } ] } diff --git a/2018/13xxx/CVE-2018-13300.json b/2018/13xxx/CVE-2018-13300.json index 15135349b51..31558de23ac 100644 --- a/2018/13xxx/CVE-2018-13300.json +++ b/2018/13xxx/CVE-2018-13300.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure." + "value": "In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure." } ] }, @@ -66,6 +66,11 @@ "name": "104675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104675" + }, + { + "refsource": "MISC", + "name": "https://github.com/FFmpeg/FFmpeg/commit/e6d3fd942f772f54ab6a5ca619cdaadef26b7702", + "url": "https://github.com/FFmpeg/FFmpeg/commit/e6d3fd942f772f54ab6a5ca619cdaadef26b7702" } ] } diff --git a/2019/16xxx/CVE-2019-16223.json b/2019/16xxx/CVE-2019-16223.json index ad62d31e275..91f87bcd4f6 100644 --- a/2019/16xxx/CVE-2019-16223.json +++ b/2019/16xxx/CVE-2019-16223.json @@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-4677", "url": "https://www.debian.org/security/2020/dsa-4677" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160745/WordPress-Core-5.2.2-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/160745/WordPress-Core-5.2.2-Cross-Site-Scripting.html" } ] } diff --git a/2019/25xxx/CVE-2019-25013.json b/2019/25xxx/CVE-2019-25013.json new file mode 100644 index 00000000000..ace78036669 --- /dev/null +++ b/2019/25xxx/CVE-2019-25013.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-25013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973", + "refsource": "MISC", + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973" + }, + { + "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b", + "refsource": "MISC", + "name": "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b" + } + ] + } +} \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28413.json b/2020/28xxx/CVE-2020-28413.json index 9dafbcd2903..fb7a2f2c5b7 100644 --- a/2020/28xxx/CVE-2020-28413.json +++ b/2020/28xxx/CVE-2020-28413.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d", "url": "https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html" } ] }, diff --git a/2020/29xxx/CVE-2020-29589.json b/2020/29xxx/CVE-2020-29589.json index ccd468e1d09..69f8a56fdec 100644 --- a/2020/29xxx/CVE-2020-29589.json +++ b/2020/29xxx/CVE-2020-29589.json @@ -1,81 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-29589", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-29589", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Versions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://hub.docker.com/_/kapacitor", - "refsource": "MISC", - "name": "https://hub.docker.com/_/kapacitor" - }, - { - "url": "https://github.com/influxdata/influxdata-docker", - "refsource": "MISC", - "name": "https://github.com/influxdata/influxdata-docker" - }, - { - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021", - "refsource": "MISC", - "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021" - }, - { - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29389", - "refsource": "MISC", - "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29389" - }, - { - "refsource": "MISC", - "name": "https://github.com/donghyunlee00/CVE/blob/main/CVE-2020-29589", - "url": "https://github.com/donghyunlee00/CVE/blob/main/CVE-2020-29589" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-5021. Reason: This candidate is a reservation duplicate of CVE-2019-5021. Notes: All CVE users should reference CVE-2019-5021 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2020/35xxx/CVE-2020-35194.json b/2020/35xxx/CVE-2020-35194.json index d74ad531119..59c28ccbe7c 100644 --- a/2020/35xxx/CVE-2020-35194.json +++ b/2020/35xxx/CVE-2020-35194.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-35194", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35194", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "The official influxdb docker images before 1.7.3-meta-alpine (Alpine specific) contain a blank password for a root user. System using the influxdb docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35194", - "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35194" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-5021. Reason: This candidate is a reservation duplicate of CVE-2019-5021. Notes: All CVE users should reference CVE-2019-5021 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2020/35xxx/CVE-2020-35219.json b/2020/35xxx/CVE-2020-35219.json index 070f67f871d..349d60f97b3 100644 --- a/2020/35xxx/CVE-2020-35219.json +++ b/2020/35xxx/CVE-2020-35219.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35219", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35219", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.asus.com/Networking-IoT-Servers/Modem-LTE-Routers/All-series/DSL-N16/HelpDesk_BIOS/", + "url": "https://www.asus.com/Networking-IoT-Servers/Modem-LTE-Routers/All-series/DSL-N16/HelpDesk_BIOS/" + }, + { + "refsource": "MISC", + "name": "https://securityforeveryone.com/blog/asus-dsl-n17u-model-cve-2020-35219", + "url": "https://securityforeveryone.com/blog/asus-dsl-n17u-model-cve-2020-35219" } ] } diff --git a/2020/36xxx/CVE-2020-36155.json b/2020/36xxx/CVE-2020-36155.json new file mode 100644 index 00000000000..50b1f11ef56 --- /dev/null +++ b/2020/36xxx/CVE-2020-36155.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-36155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "url": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/", + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/" + }, + { + "url": "https://wpscan.com/vulnerability/cf13b0f8-5815-4d27-a276-5eff8985fc0b", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/cf13b0f8-5815-4d27-a276-5eff8985fc0b" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36156.json b/2020/36xxx/CVE-2020-36156.json new file mode 100644 index 00000000000..5fa31ab9602 --- /dev/null +++ b/2020/36xxx/CVE-2020-36156.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-36156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "url": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/", + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/" + }, + { + "url": "https://wpscan.com/vulnerability/dd4c4ece-7206-4788-8747-f0c0f3ab0a53", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/dd4c4ece-7206-4788-8747-f0c0f3ab0a53" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36157.json b/2020/36xxx/CVE-2020-36157.json new file mode 100644 index 00000000000..3bd4601a082 --- /dev/null +++ b/2020/36xxx/CVE-2020-36157.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-36157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "url": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/", + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/" + }, + { + "url": "https://wpscan.com/vulnerability/33f059c5-58e5-44b9-bb27-793c3cedef3b", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/33f059c5-58e5-44b9-bb27-793c3cedef3b" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file