From 790821e2bfc97b3dbb03a72dd71fbfffed5108c8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 17 Dec 2020 05:01:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/27xxx/CVE-2020-27199.json | 56 +++++++++++++++++++++++++++---- 2020/29xxx/CVE-2020-29652.json | 61 ++++++++++++++++++++++++++++++---- 2020/35xxx/CVE-2020-35177.json | 61 ++++++++++++++++++++++++++++++---- 2020/35xxx/CVE-2020-35453.json | 61 ++++++++++++++++++++++++++++++---- 2020/35xxx/CVE-2020-35484.json | 18 ++++++++++ 2020/35xxx/CVE-2020-35485.json | 18 ++++++++++ 2020/35xxx/CVE-2020-35486.json | 18 ++++++++++ 2020/35xxx/CVE-2020-35487.json | 18 ++++++++++ 2020/35xxx/CVE-2020-35488.json | 18 ++++++++++ 9 files changed, 305 insertions(+), 24 deletions(-) create mode 100644 2020/35xxx/CVE-2020-35484.json create mode 100644 2020/35xxx/CVE-2020-35485.json create mode 100644 2020/35xxx/CVE-2020-35486.json create mode 100644 2020/35xxx/CVE-2020-35487.json create mode 100644 2020/35xxx/CVE-2020-35488.json diff --git a/2020/27xxx/CVE-2020-27199.json b/2020/27xxx/CVE-2020-27199.json index f137b2fdfb7..8c67ff8dedd 100644 --- a/2020/27xxx/CVE-2020-27199.json +++ b/2020/27xxx/CVE-2020-27199.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27199", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/magic-home-pro-mobile-application-authentication-bypass-cve-2020-27199/", + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/magic-home-pro-mobile-application-authentication-bypass-cve-2020-27199/" } ] } diff --git a/2020/29xxx/CVE-2020-29652.json b/2020/29xxx/CVE-2020-29652.json index 04f1dadadb0..35a21d7e311 100644 --- a/2020/29xxx/CVE-2020-29652.json +++ b/2020/29xxx/CVE-2020-29652.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29652", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29652", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1", + "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1" + }, + { + "refsource": "MISC", + "name": "https://go-review.googlesource.com/c/crypto/+/278852", + "url": "https://go-review.googlesource.com/c/crypto/+/278852" } ] } diff --git a/2020/35xxx/CVE-2020-35177.json b/2020/35xxx/CVE-2020-35177.json index 7360a383bab..c45d1ad4cf4 100644 --- a/2020/35xxx/CVE-2020-35177.json +++ b/2020/35xxx/CVE-2020-35177.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35177", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35177", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", + "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" + }, + { + "refsource": "CONFIRM", + "name": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", + "url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984" } ] } diff --git a/2020/35xxx/CVE-2020-35453.json b/2020/35xxx/CVE-2020-35453.json index 8b3117d1022..54e12d4f10d 100644 --- a/2020/35xxx/CVE-2020-35453.json +++ b/2020/35xxx/CVE-2020-35453.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35453", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35453", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HashiCorp Vault Enterprise\u2019s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", + "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" + }, + { + "refsource": "CONFIRM", + "name": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", + "url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983" } ] } diff --git a/2020/35xxx/CVE-2020-35484.json b/2020/35xxx/CVE-2020-35484.json new file mode 100644 index 00000000000..cda5f24ac3c --- /dev/null +++ b/2020/35xxx/CVE-2020-35484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35485.json b/2020/35xxx/CVE-2020-35485.json new file mode 100644 index 00000000000..64c562484f7 --- /dev/null +++ b/2020/35xxx/CVE-2020-35485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35486.json b/2020/35xxx/CVE-2020-35486.json new file mode 100644 index 00000000000..f5e0ce22b39 --- /dev/null +++ b/2020/35xxx/CVE-2020-35486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35487.json b/2020/35xxx/CVE-2020-35487.json new file mode 100644 index 00000000000..510f79ed3b1 --- /dev/null +++ b/2020/35xxx/CVE-2020-35487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35487", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35488.json b/2020/35xxx/CVE-2020-35488.json new file mode 100644 index 00000000000..795c4474796 --- /dev/null +++ b/2020/35xxx/CVE-2020-35488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file