From 6f23d9cf207385969b8a97ed6bcbd48ec8aa636f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 16 Oct 2020 14:01:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/14xxx/CVE-2020-14144.json | 66 ++++++++++++++++++++++++++++++----
 2020/14xxx/CVE-2020-14299.json | 50 ++++++++++++++++++++++++--
 2020/15xxx/CVE-2020-15867.json | 56 +++++++++++++++++++++++++----
 2020/16xxx/CVE-2020-16270.json | 61 +++++++++++++++++++++++++++----
 2020/26xxx/CVE-2020-26682.json | 61 +++++++++++++++++++++++++++----
 2020/26xxx/CVE-2020-26944.json | 61 +++++++++++++++++++++++++++----
 2020/3xxx/CVE-2020-3991.json | 50 ++++++++++++++++++++++++--
 7 files changed, 369 insertions(+), 36 deletions(-)
diff --git a/2020/14xxx/CVE-2020-14144.json b/2020/14xxx/CVE-2020-14144.json
index e57d166f34e..a35807e172e 100644
--- a/2020/14xxx/CVE-2020-14144.json
+++ b/2020/14xxx/CVE-2020-14144.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-14144",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-14144",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/go-gitea/gitea/releases",
+ "url": "https://github.com/go-gitea/gitea/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/",
+ "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/go-gitea/gitea/pull/13058",
+ "url": "https://github.com/go-gitea/gitea/pull/13058"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14299.json b/2020/14xxx/CVE-2020-14299.json
index 2990c7f4e83..787a3d524d8 100644
--- a/2020/14xxx/CVE-2020-14299.json
+++ b/2020/14xxx/CVE-2020-14299.json
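Review bot: The structured fields added in CVE-2020-14144.json are all placeholders: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are `"n/a"`, although the description names the product and the affected range. Tooling that matches on `affects` rather than free text will therefore not tie this record to Gitea. I would carry the description's own data into the fields, e.g. `"product_name": "Gitea"` and `"version_value": "1.1.0 through 1.12.5"`. The same placeholder pattern appears in the hunks for CVE-2020-15867, CVE-2020-16270, CVE-2020-26682 and CVE-2020-26944. The description also says only "authenticated"; naming the permission needed to use the git hook feature would let defenders scope their exposure.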
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14299",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "picketbox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "redhat-picketbox 5.0.3.Final-redhat-00007"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability."
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15867.json b/2020/15xxx/CVE-2020-15867.json
index 9dad49fe442..c43d11c92fb 100644
--- a/2020/15xxx/CVE-2020-15867.json
+++ b/2020/15xxx/CVE-2020-15867.json
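Review bot: The closing sentence of the new description in CVE-2020-14299.json, "The highest threat to vulnerability is to system availability", does not fit the complete authentication bypass described just before it or the `CWE-287` problem type. A bypass with an arbitrary user and password would normally put confidentiality and integrity at risk first, so the impact sentence should be checked against the linked Bugzilla entry and reworded (it is also ungrammatical as written). `version_value` does not say whether `5.0.3.Final-redhat-00007` is the affected build or the fixed one; a qualifier such as `"version_value": "before <fixed build>"` or `"affected: ..."` would remove the ambiguity. `vendor_name` is `"n/a"` even though the assigner is `secalert@redhat.com`. The hunk starts at line 4 of the file, so the record's opening lines are outside it.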
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15867",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15867",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/",
+ "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/"
 }
 ]
 }
diff --git a/2020/16xxx/CVE-2020-16270.json b/2020/16xxx/CVE-2020-16270.json
index d6fa4ee8585..a9882e2176d 100644
--- a/2020/16xxx/CVE-2020-16270.json
+++ b/2020/16xxx/CVE-2020-16270.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-16270",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-16270",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OLIMPOKS before 5.1.0 allows Auth/Admin ErrorMessage XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://olimpoks.ru/oks/forum/olimpoks5.php",
+ "refsource": "MISC",
+ "name": "https://olimpoks.ru/oks/forum/olimpoks5.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bdu.fstec.ru/vul/2020-04623",
+ "url": "https://bdu.fstec.ru/vul/2020-04623"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26682.json b/2020/26xxx/CVE-2020-26682.json
index f09b719acfa..025f35622cd 100644
--- a/2020/26xxx/CVE-2020-26682.json
+++ b/2020/26xxx/CVE-2020-26682.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26682",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26682",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libass/libass/issues/431",
+ "refsource": "MISC",
+ "name": "https://github.com/libass/libass/issues/431"
+ },
+ {
+ "url": "https://github.com/libass/libass/pull/432",
+ "refsource": "MISC",
+ "name": "https://github.com/libass/libass/pull/432"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26944.json b/2020/26xxx/CVE-2020-26944.json
index bfc78c4d308..3e8eb6762c6 100644
--- a/2020/26xxx/CVE-2020-26944.json
+++ b/2020/26xxx/CVE-2020-26944.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26944",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26944",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.aptean.com",
+ "refsource": "MISC",
+ "name": "https://www.aptean.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.logicallysecure.com/blog/sql-injection-in-aptean/",
+ "url": "https://www.logicallysecure.com/blog/sql-injection-in-aptean/"
 }
 ]
 }
diff --git a/2020/3xxx/CVE-2020-3991.json b/2020/3xxx/CVE-2020-3991.json
index 44652fcbab7..71fb95e5ca4 100644
--- a/2020/3xxx/CVE-2020-3991.json
+++ b/2020/3xxx/CVE-2020-3991.json
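Review bot: The first reference added in CVE-2020-26944.json, `"url": "https://www.aptean.com"`, is the vendor's home page rather than an advisory or fix notice, so it gives a reader no remediation information for the SQL injection. The description names only the affected build (4.61.0000) and no fixed version, which leaves the third-party blog post as the only actionable source. If a vendor advisory exists it should replace the home-page link; otherwise the description should state that no fixed version is known. Setting the problem type to `"value": "CWE-89"` instead of `"n/a"` would also make the record filterable by weakness class.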
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-3991",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware Horizon Client for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "VMware Horizon Client for Windows (5.x before 5.5.0)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial-of-service vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2020-0022.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2020-0022.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed."
 }
 ]
 }
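Review bot: `vendor_name` in CVE-2020-3991.json is `"n/a"` although the assigner is `security@vmware.com` and the product is a VMware client, and `version_value` repeats the product name instead of holding only the range. I would write `"vendor_name": "VMware"` and `"version_value": "5.x before 5.5.0"` so that vendor/product/version matching works on this record. The `problemtype` text records only the outcome (denial of service), while the description attributes it to a symbolic link attack at install time. A weakness entry such as `"value": "CWE-59"` (link following) would capture the cause; confirm it against the VMSA advisory. The hunk begins at line 4 of the file, so the record's first lines are not visible here.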