diff --git a/2020/17xxx/CVE-2020-17508.json b/2020/17xxx/CVE-2020-17508.json
index dde059a6f38..2cc1dbe24c3 100644
--- a/2020/17xxx/CVE-2020-17508.json
+++ b/2020/17xxx/CVE-2020-17508.json
@@ -1,14 +1,17 @@
 {
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
 "ID": "CVE-2020-17508",
- "STATE": "PUBLIC",
- "TITLE": "Apache Traffic Server ESI plugin has a memory disclosure vulnerability"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
@@ -16,52 +19,24 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "Apache Traffic Server",
- "version_value": "6.2.3"
- },
- {
- "version_affected": "<",
- "version_name": "Apache Traffic Server",
- "version_value": "7.1.12"
- },
- {
- "version_affected": "<",
- "version_name": "Apache Traffic Server",
- "version_value": "8.1.0"
+ "version_value": "Apache Traffic Server 7.0.0 to 7.1.11, 8.0.0 to 8.1.0"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Apache Software Foundation"
+ }
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later."
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
- "impact": {},
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "Memory Disclosure"
+ "value": "Information Disclosure"
 }
 ]
 }
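Review bot: The new `version_value` string in CVE-2020-17508.json drops the 6.0.0 to 6.2.3 range that the removed `version_data` entry (`<= 6.2.3`) and the removed description both listed, and nothing in the new record says why the range was narrowed. The replacement description in the last hunk of this file also loses the fixed releases (7.1.12 and 8.1.1) that the removed text named, so the record no longer tells an operator which version to upgrade to. If 6.x is still considered affected, keep it, e.g. `"version_value": "Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, 8.0.0 to 8.1.0"`, and keep the upgrade targets in the description. The first hunk also replaces `"vendor_name": "Apache Software Foundation"` with `"n/a"`, which removes the vendor key that consumers match on.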
@@ -71,12 +46,17 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E",
- "name": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E"
+ "name": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E"
 }
 ]
 },
- "source": {
- "discovery": "UNKNOWN"
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected."
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/2020/17xxx/CVE-2020-17509.json b/2020/17xxx/CVE-2020-17509.json
index 1e9dce480de..d6cafa81e54 100644
--- a/2020/17xxx/CVE-2020-17509.json
+++ b/2020/17xxx/CVE-2020-17509.json
@@ -1,14 +1,17 @@
 {
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
 "ID": "CVE-2020-17509",
- "STATE": "PUBLIC",
- "TITLE": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
@@ -16,52 +19,24 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "Apache Traffic Server",
- "version_value": "6.2.3"
- },
- {
- "version_affected": "<",
- "version_name": "Apache Traffic Server",
- "version_value": "7.1.11"
- },
- {
- "version_affected": "<",
- "version_name": "Apache Traffic Server",
- "version_value": "8.0.8"
+ "version_value": "Apache Traffic Server 7.0.0 to 7.1.11, 8.0.0 to 8.1.0"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Apache Software Foundation"
+ }
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. If you have this option enabled, please upgrade or disable this feature."
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
- "impact": {},
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "cache poisoning attack"
+ "value": "Improper Enforcement of Behavioral Workflow"
 }
 ]
 }
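Review bot: The new `version_value` for CVE-2020-17509 is the same string used for CVE-2020-17508 (`7.0.0 to 7.1.11, 8.0.0 to 8.1.0`), but the lines this hunk removes bounded the issue at `< 7.1.11` and `< 8.0.8`, and the removed description said 7.0.0 through 7.1.10 and 8.0.0 through 8.0.7. Either the old bounds were wrong or the range was carried over from the neighbouring record. Until the two sides are checked against the referenced announce-list advisory, tools keyed on this field may wrongly flag or wrongly clear 7.1.11 and 8.0.8 to 8.1.0. The 6.0.0 through 6.2.3 range is dropped here as well, with no explanation in the record.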
@@ -71,12 +46,17 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E",
- "name": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E"
+ "name": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E"
 }
 ]
 },
- "source": {
- "discovery": "UNKNOWN"
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected."
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/2020/23xxx/CVE-2020-23960.json b/2020/23xxx/CVE-2020-23960.json
index db59ee0e825..9be1b96e0cf 100644
--- a/2020/23xxx/CVE-2020-23960.json
+++ b/2020/23xxx/CVE-2020-23960.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23960",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23960",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/forkcms/forkcms/pull/3123",
+ "refsource": "MISC",
+ "name": "https://github.com/forkcms/forkcms/pull/3123"
+ },
+ {
+ "url": "https://www.fork-cms.com/blog/detail/fork-5.8.3-released",
+ "refsource": "MISC",
+ "name": "https://www.fork-cms.com/blog/detail/fork-5.8.3-released"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27281.json b/2020/27xxx/CVE-2020-27281.json
index 315bda176f5..bae9d58b8c0 100644
--- a/2020/27xxx/CVE-2020-27281.json
+++ b/2020/27xxx/CVE-2020-27281.json
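Review bot: CVE-2020-23960.json is published with `product_name`, `version_value`, `vendor_name` and the problemtype all set to `n/a`, although the description added in the same hunk names the product (Fork before 5.8.3) and the weakness class (CSRF). Consumers that match on the `affects` block or on problemtype will not find this record. Filling them from the description, e.g. `"product_name": "Fork CMS"`, `"version_value": "before 5.8.3"` and `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"`, would close that gap. The CVE-2020-35701.json hunk has the same gap for Cacti 1.2.x through 1.2.16 and SQL injection (CWE-89). CVE-2020-27281.json likewise leaves `vendor_name` as `n/a` while carrying the vendor inside `product_name`.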
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27281",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Delta Electronics CNCSoft ScreenEditor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "CNCSoft ScreenEditor Versions 1.01.26 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-06"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code."
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35701.json b/2020/35xxx/CVE-2020-35701.json
index f91497b1e8b..5e01c79aebe 100644
--- a/2020/35xxx/CVE-2020-35701.json
+++ b/2020/35xxx/CVE-2020-35701.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35701",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35701",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/",
+ "refsource": "MISC",
+ "name": "https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Cacti/cacti/issues/4022",
+ "url": "https://github.com/Cacti/cacti/issues/4022"
 }
 ]
 }