From 7ec676c6f22f49cb3efe55a6c2c3396c751a602d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 18 Dec 2020 21:01:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/11xxx/CVE-2020-11738.json | 5 ++++
 2020/11xxx/CVE-2020-11974.json | 50 ++++++++++++++++++++++++++++++++--
 2020/13xxx/CVE-2020-13535.json | 50 ++++++++++++++++++++++++++++++++--
 2020/17xxx/CVE-2020-17520.json | 50 ++++++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27781.json | 50 ++++++++++++++++++++++++++++++++--
 2020/28xxx/CVE-2020-28647.json | 5 ++++
 2020/2xxx/CVE-2020-2231.json | 5 ++++
 2020/5xxx/CVE-2020-5803.json | 50 ++++++++++++++++++++++++++++++++--
 2020/8xxx/CVE-2020-8260.json | 5 ++++
 9 files changed, 255 insertions(+), 15 deletions(-)
diff --git a/2020/11xxx/CVE-2020-11738.json b/2020/11xxx/CVE-2020-11738.json
index 19e017961b4..9bbce97bd05 100644
--- a/2020/11xxx/CVE-2020-11738.json
+++ b/2020/11xxx/CVE-2020-11738.json
@@ -61,6 +61,11 @@
 "url": "https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/",
 "refsource": "MISC",
 "name": "https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html",
+ "url": "http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11974.json b/2020/11xxx/CVE-2020-11974.json
index fd8c867f388..cfa4164d763 100644
--- a/2020/11xxx/CVE-2020-11974.json
+++ b/2020/11xxx/CVE-2020-11974.json
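Review bot: The Packet Storm reference added in the CVE-2020-11738 hunk uses a plain `http://` scheme in both `name` and `url`, so anyone following the link from the record fetches the write-up over a channel with no integrity protection. If the site serves the same path over HTTPS, the entry should read `"url": "https://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html"` with `name` matching. The Packet Storm references added for CVE-2020-2231 and CVE-2020-8260 later in this patch use the same scheme.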
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-11974",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache DolphinScheduler(Incubating)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache DolphinScheduler(Incubating) 1.2.0 and 1.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code execution vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database."
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13535.json b/2020/13xxx/CVE-2020-13535.json
index e2ea8e94f1c..895080cf6e5 100644
--- a/2020/13xxx/CVE-2020-13535.json
+++ b/2020/13xxx/CVE-2020-13535.json
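Review bot: `vendor_name` is `n/a` in the new `affects` block of CVE-2020-11974 even though the assigner address and `product_name` both point at the vendor, and `version_value` packs the product name and two versions into one string (`Apache DolphinScheduler(Incubating) 1.2.0 and 1.2.1`). Tooling that matches an inventory against `affects` cannot key on either field as written. Consider a real vendor string (for example `"vendor_name": "Apache Software Foundation"`, to be confirmed by the CNA) and one `version_data` entry per release, `"version_value": "1.2.0"` and `"version_value": "1.2.1"`. The CVE-2020-13535 and CVE-2020-17520 hunks repeat the product name inside `version_value` in the same way, and every newly populated record in this patch uses `n/a` for the vendor.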
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13535",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kepware",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Kepware LinkMaster 3.0.94.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1147",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1147"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges."
 }
 ]
 }
diff --git a/2020/17xxx/CVE-2020-17520.json b/2020/17xxx/CVE-2020-17520.json
index d1487c082df..326d52e745d 100644
--- a/2020/17xxx/CVE-2020-17520.json
+++ b/2020/17xxx/CVE-2020-17520.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-17520",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pulsar Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Pulsar Manager 0.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27781.json b/2020/27xxx/CVE-2020-27781.json
index 0f82b30eea7..740fcda1b53 100644
--- a/2020/27xxx/CVE-2020-27781.json
+++ b/2020/27xxx/CVE-2020-27781.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27781",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ceph",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Ceph 16.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900109",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900109"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even \"admin\" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 16.2.0."
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28647.json b/2020/28xxx/CVE-2020-28647.json
index c14ea497a37..895ae348c73 100644
--- a/2020/28xxx/CVE-2020-28647.json
+++ b/2020/28xxx/CVE-2020-28647.json
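Review bot: The `version_value` added for CVE-2020-27781 is `Ceph 16.2.0`, while the description in the same hunk says the flaw affects Ceph versions prior to 16.2.0. The structured field therefore names the release that the description gives as the upper bound of the affected range, so a consumer matching on `affects` would flag 16.2.0 and miss the earlier releases. The entry should carry the range, for example `"version_value": "prior to 16.2.0"`, or an explicit `"version_affected": "<"` next to `"version_value": "16.2.0"`.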
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-Nov-2020",
 "url": "https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-Nov-2020"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://labs.secforce.com/posts/progress-moveit-transfer-2020.1-stored-xss-cve-2020-28647/",
+ "url": "https://labs.secforce.com/posts/progress-moveit-transfer-2020.1-stored-xss-cve-2020-28647/"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2231.json b/2020/2xxx/CVE-2020-2231.json
index d103f36ef44..d51c6b34465 100644
--- a/2020/2xxx/CVE-2020-2231.json
+++ b/2020/2xxx/CVE-2020-2231.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins",
 "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5803.json b/2020/5xxx/CVE-2020-5803.json
index 8f27b913692..77cbc771d05 100644
--- a/2020/5xxx/CVE-2020-5803.json
+++ b/2020/5xxx/CVE-2020-5803.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5803",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Marvell QConvergeConsole GUI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.5.0.74"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-56",
+ "url": "https://www.tenable.com/security/research/tra-2020-56"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8260.json b/2020/8xxx/CVE-2020-8260.json
index 37cc48a9348..107ca0166df 100644
--- a/2020/8xxx/CVE-2020-8260.json
+++ b/2020/8xxx/CVE-2020-8260.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
 "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html"
 }
 ]
 },
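Review bot: `problemtype` for CVE-2020-5803 is the free-text string `Path traversal`, whereas the CVE-2020-27781 record in this same patch carries a CWE identifier (`CWE-522`). The description calls the issue Relative Path Traversal, which corresponds to CWE-23, so `"value": "CWE-23 Relative Path Traversal"` would let consumers classify the record without parsing prose. The CVE-2020-11974, CVE-2020-13535 and CVE-2020-17520 records also use free text in this field.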