diff --git a/2019/19xxx/CVE-2019-19199.json b/2019/19xxx/CVE-2019-19199.json
index df85b21b546..4975cd65290 100644
--- a/2019/19xxx/CVE-2019-19199.json
+++ b/2019/19xxx/CVE-2019-19199.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19199",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19199",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.reddoxx.com/en/products/archiving/",
+ "refsource": "MISC",
+ "name": "https://www.reddoxx.com/en/products/archiving/"
+ },
+ {
+ "url": "https://www.syss.de/pentest-blog/",
+ "refsource": "MISC",
+ "name": "https://www.syss.de/pentest-blog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Sep/49",
+ "url": "http://seclists.org/fulldisclosure/2020/Sep/49"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-049.txt",
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-049.txt"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12123.json b/2020/12xxx/CVE-2020-12123.json
index 4037a51b84d..6a259aa5aff 100644
--- a/2020/12xxx/CVE-2020-12123.json
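Review bot: In CVE-2019-19199.json the added `affects` block sets `vendor_name`, `product_name` and `version_value` to "n/a", and `problemtype` is "n/a" too, although the description names REDDOXX MailDepot 2032 SP2 2.2.1242 and the weakness. Tooling that matches on the structured fields rather than the free text will not tie this record to the product or to a weakness class. I would fill them from the description, e.g. `"vendor_name": "REDDOXX"`, `"product_name": "MailDepot"` and a problemtype value of `"CWE-613 Insufficient Session Expiration"`. The same applies to the `affects` and `problemtype` blocks of every other record in this commit.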
+++ b/2020/12xxx/CVE-2020-12123.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12123",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12123",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
+ "refsource": "MISC",
+ "name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cerne.xyz/bugs/CVE-2020-12123",
+ "url": "https://cerne.xyz/bugs/CVE-2020-12123"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12124.json b/2020/12xxx/CVE-2020-12124.json
index 364ba360799..cac9ded5206 100644
--- a/2020/12xxx/CVE-2020-12124.json
+++ b/2020/12xxx/CVE-2020-12124.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12124",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12124",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
+ "refsource": "MISC",
+ "name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cerne.xyz/bugs/CVE-2020-12124",
+ "url": "https://cerne.xyz/bugs/CVE-2020-12124"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12125.json b/2020/12xxx/CVE-2020-12125.json
index 0e811285043..c51537771bf 100644
--- a/2020/12xxx/CVE-2020-12125.json
+++ b/2020/12xxx/CVE-2020-12125.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12125",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12125",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
+ "refsource": "MISC",
+ "name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cerne.xyz/bugs/CVE-2020-12125",
+ "url": "https://cerne.xyz/bugs/CVE-2020-12125"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12126.json b/2020/12xxx/CVE-2020-12126.json
index 51f552ef269..e23af5ea20f 100644
--- a/2020/12xxx/CVE-2020-12126.json
+++ b/2020/12xxx/CVE-2020-12126.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12126",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12126",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
+ "refsource": "MISC",
+ "name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cerne.xyz/bugs/CVE-2020-12126",
+ "url": "https://cerne.xyz/bugs/CVE-2020-12126"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12127.json b/2020/12xxx/CVE-2020-12127.json
index 5566d69c746..987bcbc6471 100644
--- a/2020/12xxx/CVE-2020-12127.json
+++ b/2020/12xxx/CVE-2020-12127.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12127",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12127",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
+ "refsource": "MISC",
+ "name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cerne.xyz/bugs/CVE-2020-12127",
+ "url": "https://cerne.xyz/bugs/CVE-2020-12127"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13168.json b/2020/13xxx/CVE-2020-13168.json
index b5f2dba9a41..66774dc1227 100644
--- a/2020/13xxx/CVE-2020-13168.json
+++ b/2020/13xxx/CVE-2020-13168.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13168",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13168",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sysaid.com/product/on-premise/latest-release",
+ "refsource": "MISC",
+ "name": "https://www.sysaid.com/product/on-premise/latest-release"
+ },
+ {
+ "url": "https://github.com/lodestone-security/CVEs/tree/master/CVE-2020-13168",
+ "refsource": "MISC",
+ "name": "https://github.com/lodestone-security/CVEs/tree/master/CVE-2020-13168"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14293.json b/2020/14xxx/CVE-2020-14293.json
index 84d67595f81..c4ddb464aae 100644
--- a/2020/14xxx/CVE-2020-14293.json
+++ b/2020/14xxx/CVE-2020-14293.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-14293",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-14293",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt",
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt"
+ },
+ {
+ "url": "https://www.secudos.de/en/news-en/domos-release-5-9",
+ "refsource": "MISC",
+ "name": "https://www.secudos.de/en/news-en/domos-release-5-9"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata",
+ "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/patrickhener/CVE-2020-14293",
+ "url": "https://github.com/patrickhener/CVE-2020-14293"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Sep/51",
+ "url": "http://seclists.org/fulldisclosure/2020/Sep/51"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14294.json b/2020/14xxx/CVE-2020-14294.json
index 755af537b3f..a9c2cb88ed4 100644
--- a/2020/14xxx/CVE-2020-14294.json
+++ b/2020/14xxx/CVE-2020-14294.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-14294",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-14294",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt",
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt"
+ },
+ {
+ "url": "https://www.qiata.com",
+ "refsource": "MISC",
+ "name": "https://www.qiata.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata",
+ "url": "https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/patrickhener/CVE-2020-14294",
+ "url": "https://github.com/patrickhener/CVE-2020-14294"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Sep/50",
+ "url": "http://seclists.org/fulldisclosure/2020/Sep/50"
 }
 ]
 }
diff --git a/2020/17xxx/CVE-2020-17382.json b/2020/17xxx/CVE-2020-17382.json
index 582b77cfa9f..b9f25dda0f9 100644
--- a/2020/17xxx/CVE-2020-17382.json
+++ b/2020/17xxx/CVE-2020-17382.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17382",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17382",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://us.msi.com/support/download/vga",
+ "refsource": "MISC",
+ "name": "https://us.msi.com/support/download/vga"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159315/MSI-Ambient-Link-Driver-1.0.0.8-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/159315/MSI-Ambient-Link-Driver-1.0.0.8-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities",
+ "url": "https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities"
 }
 ]
 }
diff --git a/2020/17xxx/CVE-2020-17482.json b/2020/17xxx/CVE-2020-17482.json
index b74d1516aa6..21dc871e098 100644
--- a/2020/17xxx/CVE-2020-17482.json
+++ b/2020/17xxx/CVE-2020-17482.json
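Review bot: The description added in CVE-2020-17382.json lists four hex values without saying what they are, and `0x80102050,and` is missing a space. They look like IOCTL codes of the MsIo64 driver, but the record does not say so; confirm against the Core Security advisory in the references and name them, for example `has a Buffer Overflow via IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054`. The impact is also left out, although the Packet Storm reference title says privilege escalation; triage keyed on the description gets nothing from "Buffer Overflow" alone.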
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17482",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17482",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/PowerDNS/pdns",
+ "refsource": "MISC",
+ "name": "https://github.com/PowerDNS/pdns"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html",
+ "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24696.json b/2020/24xxx/CVE-2020-24696.json
index dd3cac8b371..0c1c9406e1d 100644
--- a/2020/24xxx/CVE-2020-24696.json
+++ b/2020/24xxx/CVE-2020-24696.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24696",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24696",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
+ "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24697.json b/2020/24xxx/CVE-2020-24697.json
index 15fe88a3af5..26337d0a548 100644
--- a/2020/24xxx/CVE-2020-24697.json
+++ b/2020/24xxx/CVE-2020-24697.json
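Review bot: In CVE-2020-24696.json the PowerDNS advisory link is tagged `"refsource": "MISC"`, while CVE-2020-24697.json and CVE-2020-24698.json in this same commit tag the identical URL `CONFIRM`. Since it is the vendor's own advisory, `"refsource": "CONFIRM"` here would be consistent and lets consumers that filter on vendor-confirmed references pick this record up as well.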
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24697",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24697",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
+ "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24698.json b/2020/24xxx/CVE-2020-24698.json
index 57bafca5b44..6aaacc8be69 100644
--- a/2020/24xxx/CVE-2020-24698.json
+++ b/2020/24xxx/CVE-2020-24698.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24698",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24698",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
+ "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25741.json b/2020/25xxx/CVE-2020-25741.json
index 2476680a467..616e4281eb3 100644
--- a/2020/25xxx/CVE-2020-25741.json
+++ b/2020/25xxx/CVE-2020-25741.json
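Review bot: The description added in CVE-2020-24698.json has a stray full stop: `arbitrary code execution. by sending crafted queries` splits the sentence so that the attack vector reads as a fragment. It should read `leading to a crash or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.`, which matches the punctuation used in CVE-2020-24696.json.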
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25741",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25741",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html",
+ "refsource": "MISC",
+ "name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html"
+ },
+ {
+ "url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1",
+ "refsource": "MISC",
+ "name": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.openwall.com/lists/oss-security/2020/09/29/1",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26124.json b/2020/26xxx/CVE-2020-26124.json
index ac963899b9b..f0ce6aae06d 100644
--- a/2020/26xxx/CVE-2020-26124.json
+++ b/2020/26xxx/CVE-2020-26124.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26124",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26124",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openmediavault/openmediavault/commit/ebb51bbf5a39f4955eab0073bf87f2a31926d85d",
+ "refsource": "MISC",
+ "name": "https://github.com/openmediavault/openmediavault/commit/ebb51bbf5a39f4955eab0073bf87f2a31926d85d"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openmediavault.org/?p=2797",
+ "url": "https://www.openmediavault.org/?p=2797"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26134.json b/2020/26xxx/CVE-2020-26134.json
index 4ed960b95ce..a554826846d 100644
--- a/2020/26xxx/CVE-2020-26134.json
+++ b/2020/26xxx/CVE-2020-26134.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26134",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26134",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html",
+ "refsource": "MISC",
+ "name": "https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html"
+ },
+ {
+ "url": "https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58",
+ "refsource": "MISC",
+ "name": "https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rekter0/exploits/tree/master/CVE-2020-26134",
+ "url": "https://github.com/rekter0/exploits/tree/master/CVE-2020-26134"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26135.json b/2020/26xxx/CVE-2020-26135.json
index c0b0018e6ec..6f4c7934484 100644
--- a/2020/26xxx/CVE-2020-26135.json
+++ b/2020/26xxx/CVE-2020-26135.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26135",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26135",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html",
+ "refsource": "MISC",
+ "name": "https://livehelperchat.com/3.44v-security-update-and-few-other-bits-586a.html"
+ },
+ {
+ "url": "https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58",
+ "refsource": "MISC",
+ "name": "https://github.com/LiveHelperChat/livehelperchat/commit/a131b937dd6a87271ed1c0c8b8deb8710cf78f58"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rekter0/exploits/tree/master/CVE-2020-26134",
+ "url": "https://github.com/rekter0/exploits/tree/master/CVE-2020-26134"
 }
 ]
 }
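Review bot: The third reference in CVE-2020-26135.json points to `https://github.com/rekter0/exploits/tree/master/CVE-2020-26134`, the path named for the sibling record, and is identical to the one in CVE-2020-26134.json. One directory may cover both issues, but that cannot be told from the diff; check whether the link was copied across by mistake and whether a path specific to CVE-2020-26135 exists. As it stands, a reader following the reflected-XSS record lands on material labelled for the stored-XSS one.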