From 80881017629038e86c27ab2a99c7196242cd4f48 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 30 Apr 2020 18:01:23 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/10xxx/CVE-2016-10375.json | 5 +++++
 2016/10xxx/CVE-2016-10711.json | 5 +++++
 2017/8xxx/CVE-2017-8798.json | 5 +++++
 2018/6xxx/CVE-2018-6196.json | 5 +++++
 2018/6xxx/CVE-2018-6197.json | 5 +++++
 2020/10xxx/CVE-2020-10505.json | 11 ++++++-----
 2020/10xxx/CVE-2020-10506.json | 15 ++++++++-------
 2020/10xxx/CVE-2020-10507.json | 15 ++++++++-------
 2020/10xxx/CVE-2020-10511.json | 16 +++++++---------
 2020/10xxx/CVE-2020-10512.json | 16 +++++++---------
 2020/10xxx/CVE-2020-10513.json | 11 ++++++-----
 2020/10xxx/CVE-2020-10514.json | 15 ++++++++-------
 2020/5xxx/CVE-2020-5237.json | 2 +-
 13 files changed, 76 insertions(+), 50 deletions(-)
diff --git a/2016/10xxx/CVE-2016-10375.json b/2016/10xxx/CVE-2016-10375.json
index 1c48de30dec..ce651fff1e3 100644
--- a/2016/10xxx/CVE-2016-10375.json
+++ b/2016/10xxx/CVE-2016-10375.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/fbb-git/yodl/issues/1",
 "refsource": "CONFIRM",
 "url": "https://github.com/fbb-git/yodl/issues/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2194-1] yodl security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00026.html"
 }
 ]
 }
diff --git a/2016/10xxx/CVE-2016-10711.json b/2016/10xxx/CVE-2016-10711.json
index 954ccd63bbb..ba4b6d9f5f9 100644
--- a/2016/10xxx/CVE-2016-10711.json
+++ b/2016/10xxx/CVE-2016-10711.json
@@ -61,6 +61,11 @@
 "name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
 "refsource": "MLIST",
 "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
 }
 ]
 }
diff --git a/2017/8xxx/CVE-2017-8798.json b/2017/8xxx/CVE-2017-8798.json
index f93a77edd12..f0877468a7e 100644
--- a/2017/8xxx/CVE-2017-8798.json
+++ b/2017/8xxx/CVE-2017-8798.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798",
 "refsource": "MISC",
 "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2197-1] miniupnpc security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00027.html"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6196.json b/2018/6xxx/CVE-2018-6196.json
index 3be3305e539..e61c1dbf0de 100644
--- a/2018/6xxx/CVE-2018-6196.json
+++ b/2018/6xxx/CVE-2018-6196.json
@@ -76,6 +76,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1142",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2195-1] w3m security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00025.html"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6197.json b/2018/6xxx/CVE-2018-6197.json
index e8234e90d41..ebb8ceea30b 100644
--- a/2018/6xxx/CVE-2018-6197.json
+++ b/2018/6xxx/CVE-2018-6197.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1142",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2195-1] w3m security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00025.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10505.json b/2020/10xxx/CVE-2020-10505.json
index db6b422dda7..c6c68f87e0d 100644
--- a/2020/10xxx/CVE-2020-10505.json
+++ b/2020/10xxx/CVE-2020-10505.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "ALLE INFORMATION CO., LTD.",
 "product": {
 "product_data": [
 {
@@ -18,15 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_value": "2020"
+ "version_value": "before 2020"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "ALLE INFORMATION CO., LTD."
+ }
 }
 ]
 }
@@ -38,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password."
+ "value": "The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password."
 }
 ]
 },
@@ -77,10 +76,12 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
+ "name": "https://www.twcert.org.tw/tw/cp-132-3530-53d32-1.html",
 "url": "https://www.twcert.org.tw/tw/cp-132-3530-53d32-1.html"
 },
 {
 "refsource": "CONFIRM",
+ "name": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d",
 "url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
 }
 ]
diff --git a/2020/10xxx/CVE-2020-10506.json b/2020/10xxx/CVE-2020-10506.json
index c93619e5c26..d7ab433414d 100644
--- a/2020/10xxx/CVE-2020-10506.json
+++ b/2020/10xxx/CVE-2020-10506.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "ALLE INFORMATION CO., LTD.",
 "product": {
 "product_data": [
 {
@@ -18,15 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_value": "2020"
+ "version_value": "before 2020"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "ALLE INFORMATION CO., LTD."
+ }
 }
 ]
 }
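Review bot: In the version hunk of CVE-2020-10505.json the new `"version_value": "before 2020"` carries the comparator only as prose, where the old side had it in its own field (`"version_affected": "<"`), so any tooling that matches affected versions from `version_data` would have to parse free text. Keeping the operator next to the value, `"version_affected": "<", "version_value": "2020"`, would preserve the machine-readable bound while the description carries the human-readable "before 2020". The same flattening appears in the version hunks of CVE-2020-10506, -10507, -10513 and -10514, and in CVE-2020-10511 and -10512 it also folds `version_name` (CCMAILQ / CCMAILN) into the string.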
@@ -38,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files."
+ "value": "The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files."
 }
 ]
 },
@@ -77,11 +76,13 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
- "url": "https://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html"
+ "name": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d",
+ "url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
 },
 {
 "refsource": "CONFIRM",
- "url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
+ "name": "https://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html",
+ "url": "https://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10507.json b/2020/10xxx/CVE-2020-10507.json
index 4330b9ae92d..bdbc195799f 100644
--- a/2020/10xxx/CVE-2020-10507.json
+++ b/2020/10xxx/CVE-2020-10507.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "ALLE INFORMATION CO., LTD.",
 "product": {
 "product_data": [
 {
@@ -18,15 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_value": "2020"
+ "version_value": "before 2020"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "ALLE INFORMATION CO., LTD."
+ }
 }
 ]
 }
@@ -38,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine."
+ "value": "The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine."
 }
 ]
 },
@@ -77,11 +76,13 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
- "url": "https://www.twcert.org.tw/tw/cp-132-3532-26d71-1.html"
+ "name": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d",
+ "url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
 },
 {
 "refsource": "CONFIRM",
- "url": "https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d"
+ "name": "https://www.twcert.org.tw/tw/cp-132-3532-26d71-1.html",
+ "url": "https://www.twcert.org.tw/tw/cp-132-3532-26d71-1.html"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10511.json b/2020/10xxx/CVE-2020-10511.json
index 9b3a7e2e5d3..c1dd5a5b6ad 100644
--- a/2020/10xxx/CVE-2020-10511.json
+++ b/2020/10xxx/CVE-2020-10511.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "HGiga",
 "product": {
 "product_data": [
 {
@@ -18,21 +19,16 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_name": "CCMAILQ",
- "version_value": "olln-base-6.0-418.i386.rpm"
+ "version_value": "CCMAILQ before olln-base-6.0-418.i386.rpm"
 },
 {
- "version_affected": "<",
- "version_name": "CCMAILN",
- "version_value": "olln-base-5.0-418.i386.rpm"
+ "version_value": "CCMAILN before olln-base-5.0-418.i386.rpm"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "HGiga"
+ }
 }
 ]
 }
@@ -44,7 +40,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "HGiga C&Cmail contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL."
+ "value": "HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL."
 }
 ]
 },
@@ -88,10 +84,12 @@
 },
 {
 "refsource": "CONFIRM",
+ "name": "https://gist.github.com/tonykuo76/7d41c414f23ef1e47c97f7b97e1b33b0",
 "url": "https://gist.github.com/tonykuo76/7d41c414f23ef1e47c97f7b97e1b33b0"
 },
 {
 "refsource": "CONFIRM",
+ "name": "https://www.chtsecurity.com/news/19400b04-ea92-4eaa-afa7-2449fd9b2e0b",
 "url": "https://www.chtsecurity.com/news/19400b04-ea92-4eaa-afa7-2449fd9b2e0b"
 }
 ]
diff --git a/2020/10xxx/CVE-2020-10512.json b/2020/10xxx/CVE-2020-10512.json
index be1c3165d6f..54ec96df517 100644
--- a/2020/10xxx/CVE-2020-10512.json
+++ b/2020/10xxx/CVE-2020-10512.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "HGiga",
 "product": {
 "product_data": [
 {
@@ -18,21 +19,16 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_name": "CCMAILQ",
- "version_value": "olln-calendar-6.0-100.i386.rpm"
+ "version_value": "CCMAILQ before olln-calendar-6.0-100.i386.rpm"
 },
 {
- "version_affected": "<",
- "version_name": "CCMAILN",
- "version_value": "olln-calendar-5.0-100.i386.rpm"
+ "version_value": "CCMAILN before olln-calendar-5.0-100.i386.rpm"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "HGiga"
+ }
 }
 ]
 }
@@ -44,7 +40,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands."
+ "value": "HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands."
 }
 ]
 },
@@ -88,10 +84,12 @@
 },
 {
 "refsource": "CONFIRM",
+ "name": "https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a",
 "url": "https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a"
 },
 {
 "refsource": "CONFIRM",
+ "name": "https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e",
 "url": "https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e"
 }
 ]
diff --git a/2020/10xxx/CVE-2020-10513.json b/2020/10xxx/CVE-2020-10513.json
index c9795f33865..f754c0b4596 100644
--- a/2020/10xxx/CVE-2020-10513.json
+++ b/2020/10xxx/CVE-2020-10513.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "iCatch Inc.",
 "product": {
 "product_data": [
 {
@@ -18,15 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_value": "20200103"
+ "version_value": "before 20200103"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "iCatch Inc."
+ }
 }
 ]
 }
@@ -38,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The file management interface of iCatch DVR contains broken access control which allows the attacker to remotely manipulate arbitrary file."
+ "value": "The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file."
 }
 ]
 },
@@ -77,10 +76,12 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
+ "name": "https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html",
 "url": "https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html"
 },
 {
 "refsource": "CONFIRM",
+ "name": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d",
 "url": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d"
 }
 ]
diff --git a/2020/10xxx/CVE-2020-10514.json b/2020/10xxx/CVE-2020-10514.json
index 4f2d8d819fb..b407621bc04 100644
--- a/2020/10xxx/CVE-2020-10514.json
+++ b/2020/10xxx/CVE-2020-10514.json
@@ -11,6 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "iCatch Inc.",
 "product": {
 "product_data": [
 {
@@ -18,15 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_value": "20200103"
+ "version_value": "before 20200103"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "iCatch Inc."
+ }
 }
 ]
 }
@@ -38,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary command."
+ "value": "iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command."
 }
 ]
 },
@@ -77,11 +76,13 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
- "url": "https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html"
+ "name": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d",
+ "url": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d"
 },
 {
 "refsource": "CONFIRM",
- "url": "https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d"
+ "name": "https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html",
+ "url": "https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html"
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5237.json b/2020/5xxx/CVE-2020-5237.json
index 816ba046bea..f51354c53e2 100644
--- a/2020/5xxx/CVE-2020-5237.json
+++ b/2020/5xxx/CVE-2020-5237.json
@@ -38,7 +38,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php.\n\nThis is fixed in versions 1.9.3 and 2.1.5."
+ "value": "Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5."
 }
 ]
 },
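Review bot: The description kept on the new side of CVE-2020-5237.json still reads "before 1.9.3 and 2.1.5", which does not say which release line each bound applies to; someone running a 2.x release below 2.1.5 could read "before 1.9.3" as not covering them. If, as the two fixed versions suggest, these are separate 1.x and 2.x branches, wording such as `1.x before 1.9.3 and 2.x before 2.1.5` would remove the ambiguity. Only the description hunk is visible here, so whether the record's `version_data` already encodes both ranges cannot be confirmed from this page.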