From 809fea394cf9d1b6f3970271c4deff4008cb7ab9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 17 Jun 2020 17:01:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/1xxx/CVE-2018-1285.json | 5 +++
 2019/16xxx/CVE-2019-16245.json | 62 ++++++++++++++++++++++++++++++++++
 2019/9xxx/CVE-2019-9943.json | 56 ++++++++++++++++++++++++++----
 2019/9xxx/CVE-2019-9944.json | 56 ++++++++++++++++++++++++++----
 2020/13xxx/CVE-2020-13637.json | 61 +++++++++++++++++++++++++++++----
 2020/6xxx/CVE-2020-6752.json | 56 ++++++++++++++++++++++++++----
 2020/7xxx/CVE-2020-7664.json | 7 ++--
 2020/7xxx/CVE-2020-7668.json | 7 ++--
 2020/7xxx/CVE-2020-7932.json | 56 ++++++++++++++++++++++++++----
 2020/9xxx/CVE-2020-9332.json | 61 +++++++++++++++++++++++++++++----
 10 files changed, 385 insertions(+), 42 deletions(-)
 create mode 100644 2019/16xxx/CVE-2019-16245.json
diff --git a/2018/1xxx/CVE-2018-1285.json b/2018/1xxx/CVE-2018-1285.json
index 92876c65c9a..88c2057271b 100644
--- a/2018/1xxx/CVE-2018-1285.json
+++ b/2018/1xxx/CVE-2018-1285.json
@@ -73,6 +73,11 @@
 "refsource": "MLIST",
 "name": "[logging-dev] 20200525 Re: [CVE-2018-1285] XXE vulnerability in Apache log4net",
 "url": "https://lists.apache.org/thread.html/r9de86a185575e6c5f92e2a70a1d2e2e9514dc4341251577aac8e3866@%3Cdev.logging.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[logging-dev] 20200617 Re: [CVE-2018-1285] XXE vulnerability in Apache log4net",
+ "url": "https://lists.apache.org/thread.html/r6543acafca3e2d24ff4b0c364a91540cb9378977ffa8d37a03ab4b0f@%3Cdev.logging.apache.org%3E"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16245.json b/2019/16xxx/CVE-2019-16245.json
new file mode 100644
index 00000000000..7a1a1a48ee8
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16245.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16245",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OMERO before 5.6.1 makes the details of each user available to all users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openmicroscopy.org/security/advisories/2019-SV3/",
+ "url": "https://www.openmicroscopy.org/security/advisories/2019-SV3/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9943.json b/2019/9xxx/CVE-2019-9943.json
index 2bbb0053e08..f7b82152765 100644
--- a/2019/9xxx/CVE-2019-9943.json
+++ b/2019/9xxx/CVE-2019-9943.json
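Review bot: The new CVE-2019-16245 record leaves every structured field at `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) although its own description names the product and the fixed release ("OMERO before 5.6.1"), so tooling that matches on `affects` instead of free text will not associate this entry with OMERO. Carrying the same facts into the structured fields, e.g. `"product_name": "OMERO"` and `"version_value": "before 5.6.1"`, would close that gap; the vendor string and a CWE for `problemtype` should be taken from the referenced advisory, not guessed. The hunks for CVE-2019-9943, CVE-2019-9944, CVE-2020-13637, CVE-2020-6752, CVE-2020-7932 and CVE-2020-9332 add the same all-`n/a` `affects` and `problemtype` blocks next to descriptions that name product and version range. This new file is also written without a trailing newline.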
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9943",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9943",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openmicroscopy.org/security/advisories/2019-SV2/",
+ "url": "https://www.openmicroscopy.org/security/advisories/2019-SV2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9944.json b/2019/9xxx/CVE-2019-9944.json
index f134ee6b379..8c65f37db8e 100644
--- a/2019/9xxx/CVE-2019-9944.json
+++ b/2019/9xxx/CVE-2019-9944.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9944",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9944",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openmicroscopy.org/security/advisories/2019-SV1/",
+ "url": "https://www.openmicroscopy.org/security/advisories/2019-SV1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13637.json b/2020/13xxx/CVE-2020-13637.json
index 654a0c53ca3..2068d6d2b96 100644
--- a/2020/13xxx/CVE-2020-13637.json
+++ b/2020/13xxx/CVE-2020-13637.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13637",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13637",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to login to the system from any other computer, and get unlimited access to all data in the users's context."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.jvanlaak.de/stashcat.html",
+ "refsource": "MISC",
+ "name": "http://www.jvanlaak.de/stashcat.html"
+ },
+ {
+ "url": "http://www.jvanlaak.de/stashcat_CWE_312_200527.pdf",
+ "refsource": "MISC",
+ "name": "http://www.jvanlaak.de/stashcat_CWE_312_200527.pdf"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6752.json b/2020/6xxx/CVE-2020-6752.json
index 676e49d6683..ad646d7a93a 100644
--- a/2020/6xxx/CVE-2020-6752.json
+++ b/2020/6xxx/CVE-2020-6752.json
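Review bot: In the CVE-2020-13637 description, `users's context` is a typo for `user's context`, and `to login to the system` should read `to log in to the system`. The `problemtype` value is `n/a` even though the second reference's file name carries `CWE_312` and the text itself describes cleartext storage of the client_key and device_id; `"value": "CWE-312 Cleartext Storage of Sensitive Information"` would state what the record already implies. Both references are plain `http://` URLs, so it is worth checking whether the site also serves them over HTTPS before they are recorded as the sources for this entry.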
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6752",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6752",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OMERO before 5.6.1, group owners can access members' data in other groups."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openmicroscopy.org/security/advisories/2019-SV6/",
+ "url": "https://www.openmicroscopy.org/security/advisories/2019-SV6/"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7664.json b/2020/7xxx/CVE-2020-7664.json
index a6e5636d6cc..4e831f97280 100644
--- a/2020/7xxx/CVE-2020-7664.json
+++ b/2020/7xxx/CVE-2020-7664.json
@@ -48,8 +48,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383",
+ "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383"
 }
 ]
 },
@@ -57,7 +58,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading \"..\". This allows an attacker to add or replace files system-wide.\r\n\r\n"
+ "value": "The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading \"..\". This allows an attacker to add or replace files system-wide."
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7668.json b/2020/7xxx/CVE-2020-7668.json
index ff85e4e675e..1dd2e795eda 100644
--- a/2020/7xxx/CVE-2020-7668.json
+++ b/2020/7xxx/CVE-2020-7668.json
@@ -48,8 +48,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384",
+ "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384"
 }
 ]
 },
@@ -57,7 +58,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading \"..\". This allows an attacker to add or replace files system-wide.\r\n\r\n"
+ "value": "The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading \"..\". This allows an attacker to add or replace files system-wide."
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7932.json b/2020/7xxx/CVE-2020-7932.json
index 30382a19ce8..33ea0714bf2 100644
--- a/2020/7xxx/CVE-2020-7932.json
+++ b/2020/7xxx/CVE-2020-7932.json
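Review bot: The description kept by the `@@ -57,7 +58,7 @@` hunk for CVE-2020-7664 never names the affected package, and the matching hunk for CVE-2020-7668 carries the byte-identical sentence, so the two records can only be told apart by the Snyk identifier in their reference URLs. Since the line is already being rewritten to drop the trailing `\r\n\r\n`, naming the package in it would make each entry searchable on its own, e.g. `"value": "The ExtractTo function in <package> doesn't securely escape file paths ..."`, with `<package>` taken from each record's `affects` block, which lies outside these hunks. The Snyk IDs ending in `CAEZIP-570383` and `CAETZ-570384` suggest two sub-packages of one module, but that is an inference from the URLs and should be confirmed against the advisories.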
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-7932",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-7932",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openmicroscopy.org/security/advisories/2019-SV4/",
+ "url": "https://www.openmicroscopy.org/security/advisories/2019-SV4/"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9332.json b/2020/9xxx/CVE-2020-9332.json
index 42963bd5f8d..6daee777583 100644
--- a/2020/9xxx/CVE-2020-9332.json
+++ b/2020/9xxx/CVE-2020-9332.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9332",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9332",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.fabulatech.com",
+ "refsource": "MISC",
+ "name": "https://www.fabulatech.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/",
+ "url": "https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/"
 }
 ]
 }