diff --git a/2005/1xxx/CVE-2005-1513.json b/2005/1xxx/CVE-2005-1513.json index 61721ce364c..c2ea6154300 100644 --- a/2005/1xxx/CVE-2005-1513.json +++ b/2005/1xxx/CVE-2005-1513.json @@ -106,6 +106,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200616 Re: Remote Code Execution in qmail (CVE-2005-1513)", "url": "http://www.openwall.com/lists/oss-security/2020/06/16/2" + }, + { + "refsource": "FULLDISC", + "name": "20200623 Re: Remote Code Execution in qmail (CVE-2005-1513)", + "url": "http://seclists.org/fulldisclosure/2020/Jun/27" } ] } diff --git a/2020/13xxx/CVE-2020-13155.json b/2020/13xxx/CVE-2020-13155.json index c19d79b7e04..00bf616a847 100644 --- a/2020/13xxx/CVE-2020-13155.json +++ b/2020/13xxx/CVE-2020-13155.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13155", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13155", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nukeviet.vn/en/", + "refsource": "MISC", + "name": "https://nukeviet.vn/en/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48489", + "url": "https://www.exploit-db.com/exploits/48489" } ] } diff --git a/2020/13xxx/CVE-2020-13156.json b/2020/13xxx/CVE-2020-13156.json index 44c142f9cdd..4a1700a3b13 100644 --- a/2020/13xxx/CVE-2020-13156.json +++ b/2020/13xxx/CVE-2020-13156.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13156", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13156", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "modules\\users\\admin\\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nukeviet.vn/en/", + "refsource": "MISC", + "name": "https://nukeviet.vn/en/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48489", + "url": "https://www.exploit-db.com/exploits/48489" } ] } diff --git a/2020/13xxx/CVE-2020-13157.json b/2020/13xxx/CVE-2020-13157.json index d61b346e8cf..1657b2e7c17 100644 --- a/2020/13xxx/CVE-2020-13157.json +++ b/2020/13xxx/CVE-2020-13157.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13157", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13157", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "modules\\users\\admin\\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nukeviet.vn/en/", + "refsource": "MISC", + "name": "https://nukeviet.vn/en/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48489", + "url": "https://www.exploit-db.com/exploits/48489" } ] } diff --git a/2020/14xxx/CVE-2020-14073.json b/2020/14xxx/CVE-2020-14073.json index 26af7f24d71..355221af23f 100644 --- a/2020/14xxx/CVE-2020-14073.json +++ b/2020/14xxx/CVE-2020-14073.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14073", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.paessler.com/prtg/history/stable", + "refsource": "MISC", + "name": "https://www.paessler.com/prtg/history/stable" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df", + "url": "https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df" } ] } diff --git a/2020/14xxx/CVE-2020-14157.json b/2020/14xxx/CVE-2020-14157.json index a8226bb462d..b76838f94cb 100644 --- a/2020/14xxx/CVE-2020-14157.json +++ b/2020/14xxx/CVE-2020-14157.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.youtube.com/watch?v=kCqAVYyahLc", "url": "https://www.youtube.com/watch?v=kCqAVYyahLc" + }, + { + "refsource": "FULLDISC", + "name": "20200623 [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)", + "url": "http://seclists.org/fulldisclosure/2020/Jun/26" } ] } diff --git a/2020/14xxx/CVE-2020-14974.json b/2020/14xxx/CVE-2020-14974.json index 0e309d8e878..a7c034794d2 100644 --- a/2020/14xxx/CVE-2020-14974.json +++ b/2020/14xxx/CVE-2020-14974.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14974", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14974", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.iobit.com/en/iobit-unlocker.php", + "refsource": "MISC", + "name": "https://www.iobit.com/en/iobit-unlocker.php" + }, + { + "refsource": "MISC", + "name": "https://theevilbit.github.io/posts/", + "url": "https://theevilbit.github.io/posts/" } ] } diff --git a/2020/14xxx/CVE-2020-14975.json b/2020/14xxx/CVE-2020-14975.json index 49de21006e7..dffe88d6b34 100644 --- a/2020/14xxx/CVE-2020-14975.json +++ b/2020/14xxx/CVE-2020-14975.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14975", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14975", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.iobit.com/en/iobit-unlocker.php", + "refsource": "MISC", + "name": "https://www.iobit.com/en/iobit-unlocker.php" + }, + { + "refsource": "MISC", + "name": "https://theevilbit.github.io/posts/", + "url": "https://theevilbit.github.io/posts/" } ] } diff --git a/2020/14xxx/CVE-2020-14976.json b/2020/14xxx/CVE-2020-14976.json index 43c78c46cc7..d0c514f877f 100644 --- a/2020/14xxx/CVE-2020-14976.json +++ b/2020/14xxx/CVE-2020-14976.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14976", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14976", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gns3.com/", + "refsource": "MISC", + "name": "https://www.gns3.com/" + }, + { + "url": "https://github.com/GNS3/ubridge/commit/2eb0d1dab6a6de76cf3556130a2d52af101077db", + "refsource": "MISC", + "name": "https://github.com/GNS3/ubridge/commit/2eb0d1dab6a6de76cf3556130a2d52af101077db" + }, + { + "url": "https://github.com/GNS3/gns3-server/releases/tag/v2.1.17", + "refsource": "MISC", + "name": "https://github.com/GNS3/gns3-server/releases/tag/v2.1.17" + }, + { + "refsource": "MISC", + "name": "https://theevilbit.github.io/posts/", + "url": "https://theevilbit.github.io/posts/" } ] } diff --git a/2020/14xxx/CVE-2020-14977.json b/2020/14xxx/CVE-2020-14977.json index 4f5de2c2cf4..b9f4338d6e5 100644 --- a/2020/14xxx/CVE-2020-14977.json +++ b/2020/14xxx/CVE-2020-14977.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14977", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14977", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.f-secure.com/en/home/products/safe", + "refsource": "MISC", + "name": "https://www.f-secure.com/en/home/products/safe" + }, + { + "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", + "refsource": "MISC", + "name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame" + }, + { + "refsource": "MISC", + "name": "https://theevilbit.github.io/posts/", + "url": "https://theevilbit.github.io/posts/" } ] }