From 8783745fe520c6c6777fcfb5815c4126f52a3334 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 30 Dec 2020 20:01:52 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/15xxx/CVE-2018-15599.json | 5 +++
 2019/12xxx/CVE-2019-12155.json | 7 +++-
 2019/12xxx/CVE-2019-12768.json | 56 +++++++++++++++++++++++++---
 2019/12xxx/CVE-2019-12953.json | 56 +++++++++++++++++++++++++---
 2019/15xxx/CVE-2019-15078.json | 62 +++++++++++++++++++++++++++++++
 2019/15xxx/CVE-2019-15079.json | 62 +++++++++++++++++++++++++++++++
 2019/15xxx/CVE-2019-15080.json | 67 ++++++++++++++++++++++++++++++++++
 2020/16xxx/CVE-2020-16164.json | 5 +++
 2020/26xxx/CVE-2020-26288.json | 2 +-
 2020/35xxx/CVE-2020-35173.json | 66 ++++++++++++++++++++++++++++++---
 2020/35xxx/CVE-2020-35737.json | 48 +++++++++++++++++++++++-
 2020/35xxx/CVE-2020-35854.json | 18 +++++++++
 12 files changed, 432 insertions(+), 22 deletions(-)
 create mode 100644 2019/15xxx/CVE-2019-15078.json
 create mode 100644 2019/15xxx/CVE-2019-15079.json
 create mode 100644 2019/15xxx/CVE-2019-15080.json
 create mode 100644 2020/35xxx/CVE-2020-35854.json
diff --git a/2018/15xxx/CVE-2018-15599.json b/2018/15xxx/CVE-2018-15599.json
index ecb07a1c434..aa747f77b1a 100644
--- a/2018/15xxx/CVE-2018-15599.json
+++ b/2018/15xxx/CVE-2018-15599.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://matt.ucc.asn.au/dropbear/CHANGES",
+ "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
+ },
 {
 "name": "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002109.html",
 "refsource": "MISC",
diff --git a/2019/12xxx/CVE-2019-12155.json b/2019/12xxx/CVE-2019-12155.json
index c4f645c2f51..03156337b59 100644
--- a/2019/12xxx/CVE-2019-12155.json
+++ b/2019/12xxx/CVE-2019-12155.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference."
+ "value": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference."
 }
 ]
 },
@@ -146,6 +146,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:4344",
 "url": "https://access.redhat.com/errata/RHSA-2019:4344"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2",
+ "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12768.json b/2019/12xxx/CVE-2019-12768.json
index d887d5f51be..21caeb07fd0 100644
--- a/2019/12xxx/CVE-2019-12768.json
+++ b/2019/12xxx/CVE-2019-12768.json
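Review bot: The widened range "3.1.x through 4.0.0" is recorded only in the description string of the first hunk; the diffstat shows this file's only other change is the added reference, so the structured `affects` data, which lies outside both hunks, was not updated with it. If that block still carries the earlier version information or a placeholder, consumers that match on it rather than on the prose will not flag QEMU 3.1.x. A version entry that agrees with the text, for example `"version_value": "3.1.x through 4.0.0"`, would keep the two in step.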
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12768",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12768",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf",
+ "refsource": "MISC",
+ "name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12953.json b/2019/12xxx/CVE-2019-12953.json
index 949ae08cbf6..1145ae3a148 100644
--- a/2019/12xxx/CVE-2019-12953.json
+++ b/2019/12xxx/CVE-2019-12953.json
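Review bot: The `affects` and `problemtype` blocks added here are all `n/a` placeholders although the description names the vendor, product, version bound and weakness, so tooling that matches on the structured fields rather than the prose will not associate this record with the D-Link DAP-1650. Carrying the description's own terms into the record would fix that, e.g. `"vendor_name": "D-Link"`, `"product_name": "DAP-1650"`, and a `problemtype` value of `CWE-425` for the forceful-browsing bypass. The same placeholders appear in the CVE-2019-12953, CVE-2019-15078, CVE-2019-15079, CVE-2019-15080, CVE-2020-35173 and CVE-2020-35737 hunks. Separately, the only reference is an `ftp://` URL, which is fetched without transport integrity and which current browsers no longer open; an HTTPS copy of the vendor release notes, if one exists, would be a more durable reference.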
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12953",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12953",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://matt.ucc.asn.au/dropbear/CHANGES",
+ "refsource": "MISC",
+ "name": "https://matt.ucc.asn.au/dropbear/CHANGES"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15078.json b/2019/15xxx/CVE-2019-15078.json
new file mode 100644
index 00000000000..14bd6b90b11
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15078.json
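Review bot: The reference `https://matt.ucc.asn.au/dropbear/CHANGES` is tagged `"refsource": "MISC"` in this record, while the same commit adds the identical URL to CVE-2018-15599 as `"refsource": "CONFIRM"`. Consumers that use the tag to decide whether the maintainer has acknowledged an issue will treat the two Dropbear records differently for the same source. If the changelog is accepted as upstream confirmation, this entry should read `"refsource": "CONFIRM"` as well.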
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15078",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-00",
+ "refsource": "MISC",
+ "name": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-00"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15079.json b/2019/15xxx/CVE-2019-15079.json
new file mode 100644
index 00000000000..afd49be6adc
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15079.json
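Review bot: The record identifies the affected contract only by its token name (AIRDROPX BORN), with no contract address in the description or the references, whereas CVE-2019-15080 in this same commit links the deployed contract on etherscan.io. Token names are not unique on Ethereum, so a reader cannot tell from this record alone which deployment is affected; the CVE-2019-15079 hunk (EAI) has the same gap. Adding a second `reference_data` entry for the deployed contract, e.g. `"url": "https://etherscan.io/address/<CONTRACT_ADDRESS>#contracts"` with the address taken from the advisory, would close it.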
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15079",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-01",
+ "refsource": "MISC",
+ "name": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15080.json b/2019/15xxx/CVE-2019-15080.json
new file mode 100644
index 00000000000..2685e611d91
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15080.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15080",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-02",
+ "refsource": "MISC",
+ "name": "https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-02"
+ },
+ {
+ "url": "https://etherscan.io/address/0x2ef27bf41236bd859a95209e17a43fbd26851f92#contracts",
+ "refsource": "MISC",
+ "name": "https://etherscan.io/address/0x2ef27bf41236bd859a95209e17a43fbd26851f92#contracts"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/16xxx/CVE-2020-16164.json b/2020/16xxx/CVE-2020-16164.json
index 77690dae116..6112e7ddb6f 100644
--- a/2020/16xxx/CVE-2020-16164.json
+++ b/2020/16xxx/CVE-2020-16164.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/158",
 "refsource": "MISC",
 "name": "https://github.com/RIPE-NCC/rpki-validator-3/issues/158"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RIPE-NCC/rpki-validator-3/security/advisories/GHSA-q76j-58cx-wp5v",
+ "url": "https://github.com/RIPE-NCC/rpki-validator-3/security/advisories/GHSA-q76j-58cx-wp5v"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26288.json b/2020/26xxx/CVE-2020-26288.json
index f362af980dd..c14370fa7f3 100644
--- a/2020/26xxx/CVE-2020-26288.json
+++ b/2020/26xxx/CVE-2020-26288.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package \"parse-server\".\nIn Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext.\nThis is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage."
+ "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package \"parse-server\". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage."
 }
 ]
 },
diff --git a/2020/35xxx/CVE-2020-35173.json b/2020/35xxx/CVE-2020-35173.json
index ea29b1d4875..4249ee923a4 100644
--- a/2020/35xxx/CVE-2020-35173.json
+++ b/2020/35xxx/CVE-2020-35173.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35173",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35173",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=US",
+ "refsource": "MISC",
+ "name": "https://play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=US"
+ },
+ {
+ "url": "https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2",
+ "refsource": "MISC",
+ "name": "https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/TeamAmaze/AmazeFileManager/pull/1815",
+ "url": "https://github.com/TeamAmaze/AmazeFileManager/pull/1815"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35737.json b/2020/35xxx/CVE-2020-35737.json
index 0e453752917..b2a4d6bf880 100644
--- a/2020/35xxx/CVE-2020-35737.json
+++ b/2020/35xxx/CVE-2020-35737.json
@@ -5,13 +5,57 @@
 "CVE_data_meta": {
 "ID": "CVE-2020-35737",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486",
+ "url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference."
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35854.json b/2020/35xxx/CVE-2020-35854.json
new file mode 100644
index 00000000000..6afd8023f53
--- /dev/null
+++ b/2020/35xxx/CVE-2020-35854.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-35854",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file