From 8a3bad747f00a27791d800872c79978896d61c77 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 23 Apr 2020 19:01:25 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/21xxx/CVE-2018-21101.json | 70 +++++++++++++++++++++++++++++++---
 2018/21xxx/CVE-2018-21102.json | 70 +++++++++++++++++++++++++++++++---
 2018/21xxx/CVE-2018-21103.json | 70 +++++++++++++++++++++++++++++++---
 2018/21xxx/CVE-2018-21104.json | 70 +++++++++++++++++++++++++++++++---
 2019/17xxx/CVE-2019-17101.json | 7 ++--
 2019/20xxx/CVE-2019-20788.json | 62 ++++++++++++++++++++++++++++++
 2020/5xxx/CVE-2020-5864.json | 50 ++++++++++++++++++++++--
 2020/5xxx/CVE-2020-5865.json | 50 ++++++++++++++++++++++--
 2020/5xxx/CVE-2020-5866.json | 50 ++++++++++++++++++++++--
 2020/8xxx/CVE-2020-8798.json | 56 ++++++++++++++++++++++++---
 10 files changed, 513 insertions(+), 42 deletions(-)
 create mode 100644 2019/20xxx/CVE-2019-20788.json
diff --git a/2018/21xxx/CVE-2018-21101.json b/2018/21xxx/CVE-2018-21101.json
index 8fbbd81496a..c002796612a 100644
--- a/2018/21xxx/CVE-2018-21101.json
+++ b/2018/21xxx/CVE-2018-21101.json
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2018-21101",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2018-21101",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kb.netgear.com/000060449/Security-Advisory-for-Post-Authentication-Command-Injection-on-R7800-PSV-2018-0380",
+ "url": "https://kb.netgear.com/000060449/Security-Advisory-for-Post-Authentication-Command-Injection-on-R7800-PSV-2018-0380"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21102.json b/2018/21xxx/CVE-2018-21102.json
index 56ac69ee857..b341fec2dbf 100644
--- a/2018/21xxx/CVE-2018-21102.json
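Review bot: The `affects` block and `problemtype` of CVE-2018-21101 are published as `n/a` although the new description names the vendor, the product and the fixed version, so scanners and asset-matching tools that read only the structured fields will never associate this record with an R7800. Filling them from the description, `"vendor_name": "NETGEAR"`, `"product_name": "R7800"`, `"version_value": "< 1.0.2.60"`, keeps the machine-readable part in step with the prose. A CWE identifier for command injection in `problemtype` (presumably CWE-77 or CWE-78, to be confirmed against the advisory) would do the same for weakness-based filtering. The same placeholders appear in the hunks for CVE-2018-21102, CVE-2018-21103, CVE-2018-21104, CVE-2019-20788 and CVE-2020-8798, and `problemtype` is also `n/a` in CVE-2020-5864, CVE-2020-5865 and CVE-2020-5866.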
+++ b/2018/21xxx/CVE-2018-21102.json
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2018-21102",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2018-21102",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kb.netgear.com/000060454/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2018-0373",
+ "url": "https://kb.netgear.com/000060454/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2018-0373"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21103.json b/2018/21xxx/CVE-2018-21103.json
index d8b47df1c0a..fec92dea4df 100644
--- a/2018/21xxx/CVE-2018-21103.json
+++ b/2018/21xxx/CVE-2018-21103.json
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2018-21103",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2018-21103",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kb.netgear.com/000060448/Security-Advisory-for-a-Post-Authentication-Command-Injection-on-R7800-PSV-2018-0363",
+ "url": "https://kb.netgear.com/000060448/Security-Advisory-for-a-Post-Authentication-Command-Injection-on-R7800-PSV-2018-0363"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2018/21xxx/CVE-2018-21104.json b/2018/21xxx/CVE-2018-21104.json
index 30ff0155340..4f1a71c3426 100644
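Review bot: The description added for CVE-2018-21103 is word-for-word the one published for CVE-2018-21101 and CVE-2018-21104 in this patch, so the three records can only be told apart by the PSV number inside the reference URL. It also says only "an authenticated user", while the `impact` block rates `privilegesRequired` as `HIGH` here and in CVE-2018-21104 but `LOW` in CVE-2018-21101; the prose should state which privilege level is needed. Ending the value with the advisory identifier, for example `... by an authenticated user (PSV-2018-0363).`, would stop deduplicating consumers and triage queues from merging the entries.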
--- a/2018/21xxx/CVE-2018-21104.json
+++ b/2018/21xxx/CVE-2018-21104.json
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2018-21104",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2018-21104",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kb.netgear.com/000060447/Security-Advisory-for-a-Post-Authentication-Command-Injection-on-R7800-PSV-2018-0362",
+ "url": "https://kb.netgear.com/000060447/Security-Advisory-for-a-Post-Authentication-Command-Injection-on-R7800-PSV-2018-0362"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17101.json b/2019/17xxx/CVE-2019-17101.json
index 213860ef55e..08f128f62ff 100644
--- a/2019/17xxx/CVE-2019-17101.json
+++ b/2019/17xxx/CVE-2019-17101.json
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device.\nThis issue affects:\nNetatmo Smart Indoor Camera\nversion and prior versions."
+ "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."
 }
 ]
 },
@@ -81,8 +81,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
+ "refsource": "MISC",
+ "url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/",
+ "name": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
 }
 ]
 },
diff --git a/2019/20xxx/CVE-2019-20788.json b/2019/20xxx/CVE-2019-20788.json
new file mode 100644
index 00000000000..59322bd0fd9
--- /dev/null
+++ b/2019/20xxx/CVE-2019-20788.json
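Review bot: In the description hunk of CVE-2019-17101 the new `value` still carries unfilled template text, "firmware versions prior to x.xx" and "version and prior versions", so the record stays public without saying which firmware is affected or fixed; the edit only swaps the `\n` sequences for spaces. Both placeholders should be replaced with the real version, e.g. `... in firmware versions prior to <FIXED_VERSION> of Netatmo Smart Indoor Camera ...`, where `<FIXED_VERSION>` is a placeholder to be taken from the vendor's release information. In the second hunk the only reference is relabelled from `CONFIRM` to `MISC`, which leaves the record with no vendor-confirmed source; a vendor advisory link, if one exists, would be worth adding next to it. Both hunks sit inside objects that open and close outside the visible lines.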
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-20788",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed",
+ "refsource": "MISC",
+ "name": "https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5864.json b/2020/5xxx/CVE-2020-5864.json
index c55e58ed7aa..c3e7be7bdde 100644
--- a/2020/5xxx/CVE-2020-5864.json
+++ b/2020/5xxx/CVE-2020-5864.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5864",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NGINX Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K27205552",
+ "url": "https://support.f5.com/csp/article/K27205552"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5865.json b/2020/5xxx/CVE-2020-5865.json
index 87b12727b3d..646e207d9b7 100644
--- a/2020/5xxx/CVE-2020-5865.json
+++ b/2020/5xxx/CVE-2020-5865.json
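Review bot: In the CVE-2020-5864 hunk `"vendor_name": "n/a"` sits next to a populated `product_name` and an F5 assigner address, so a consumer keyed on vendor/product pairs cannot resolve "NGINX Controller" to its vendor; `"vendor_name": "F5"` (or whichever spelling the CNA uses in its other records) would close that gap. The weakness could be named in `problemtype` as well: skipping TLS verification reads like CWE-295, to be confirmed by the assigner. No `impact` block is added either, so severity has to come from the linked advisory. The same `n/a` vendor appears in the CVE-2020-5865 and CVE-2020-5866 hunks, and all three hunks start at line 4 of their file, so the enclosing object opens outside them.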
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5865",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NGINX Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K21009022",
+ "url": "https://support.f5.com/csp/article/K21009022"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5866.json b/2020/5xxx/CVE-2020-5866.json
index ef10c5f0aa0..65dda54556f 100644
--- a/2020/5xxx/CVE-2020-5866.json
+++ b/2020/5xxx/CVE-2020-5866.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5866",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NGINX Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 3.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K11922628",
+ "url": "https://support.f5.com/csp/article/K11922628"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments."
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8798.json b/2020/8xxx/CVE-2020-8798.json
index b46826b45b0..cc2a9ddf610 100644
--- a/2020/8xxx/CVE-2020-8798.json
+++ b/2020/8xxx/CVE-2020-8798.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-8798",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-8798",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://cerne.xyz/bugs/CVE-2020-8798.html",
+ "url": "https://cerne.xyz/bugs/CVE-2020-8798.html"
 }
 ]
 }
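Review bot: The new CVE-2020-8798 description calls the actor "remote attackers" yet limits access to "from the local network", and no `impact` block is added, so a reader cannot tell whether the unauthenticated `setup3.htm` endpoint is reachable only by LAN clients or from the WAN side as well. Wording such as `allows attackers on the local network to change or access router settings via the unauthenticated setup3.htm endpoint` states the exposure once, assuming the LAN-only reading matches the referenced write-up. A CVSS vector with the matching `attackVector`, as the NETGEAR records in this patch carry, would make the same fact machine-readable. The hunk ends one line before the end of the file, so the closing brace of the record lies outside it.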