diff --git a/2019/18xxx/CVE-2019-18634.json b/2019/18xxx/CVE-2019-18634.json index 9d5d519d61a..883fbe8dac5 100644 --- a/2019/18xxx/CVE-2019-18634.json +++ b/2019/18xxx/CVE-2019-18634.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In Sudo through 1.8.29, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c." + "value": "In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c." } ] }, @@ -57,10 +57,20 @@ "name": "https://support.apple.com/kb/HT210919", "url": "https://support.apple.com/kb/HT210919" }, + { + "refsource": "BUGTRAQ", + "name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra", + "url": "https://seclists.org/bugtraq/2020/Jan/44" + }, { "refsource": "MISC", "name": "https://www.sudo.ws/security.html", "url": "https://www.sudo.ws/security.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.sudo.ws/alerts/pwfeedback.html", + "url": "https://www.sudo.ws/alerts/pwfeedback.html" } ] } diff --git a/2019/20xxx/CVE-2019-20358.json b/2019/20xxx/CVE-2019-20358.json index cc7a52a0222..8f70085a5f9 100644 --- a/2019/20xxx/CVE-2019-20358.json +++ b/2019/20xxx/CVE-2019-20358.json @@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2019-20358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Anti-Threat Toolkit (ATTK)", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1.62.0.1218 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary RCE" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000149878" - }, - { - "url" : "https://seclists.org/bugtraq/2020/Jan/55" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-20358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Anti-Threat Toolkit (ATTK)", + "version": { + "version_data": [ + { + "version_value": "Version 1.62.0.1218 and below" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary RCE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000149878", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000149878" + }, + { + "url": "https://seclists.org/bugtraq/2020/Jan/55", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2020/Jan/55" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5206.json b/2020/5xxx/CVE-2020-5206.json index 6ee1a2a4a8f..8ea9b86a31d 100644 --- a/2020/5xxx/CVE-2020-5206.json +++ b/2020/5xxx/CVE-2020-5206.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.\n\nThis way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication.\n\nThis problem is fixed in Opencast 7.6 and Opencast 8.1" + "value": "In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1" } ] }, diff --git a/2020/5xxx/CVE-2020-5231.json b/2020/5xxx/CVE-2020-5231.json index b1f8937afff..1f6842457dd 100644 --- a/2020/5xxx/CVE-2020-5231.json +++ b/2020/5xxx/CVE-2020-5231.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not \nincluding the role ROLE_ADMIN.\n\nROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests)\nbut only in the security configuration. From the name – implying an admin for a specific course – users would never expect that this \nrole allows user creation.\n\nThis issue is fixed in 7.6 and 8.1 which both ship a new default security configuration." + "value": "In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name \u2013 implying an admin for a specific course \u2013 users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration." } ] }, @@ -88,4 +88,4 @@ "advisory": "GHSA-94qw-r73x-j7hg", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8095.json b/2020/8xxx/CVE-2020-8095.json index 15cf9acc455..c7f0ab9ca7f 100644 --- a/2020/8xxx/CVE-2020-8095.json +++ b/2020/8xxx/CVE-2020-8095.json @@ -81,8 +81,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021" + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021", + "name": "https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021" } ] }, diff --git a/2020/8xxx/CVE-2020-8493.json b/2020/8xxx/CVE-2020-8493.json index fb68152b089..590aa5e6aa4 100644 --- a/2020/8xxx/CVE-2020-8493.json +++ b/2020/8xxx/CVE-2020-8493.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8493", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8493", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-webta", + "refsource": "MISC", + "name": "http://www.nolanbkennedy.com/post/stored-xss-in-kronos-web-time-and-attendance-webta" + }, + { + "url": "https://www.kronos.com/products/kronos-webta", + "refsource": "MISC", + "name": "https://www.kronos.com/products/kronos-webta" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:H/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8494.json b/2020/8xxx/CVE-2020-8494.json index aa037d64779..7306e087843 100644 --- a/2020/8xxx/CVE-2020-8494.json +++ b/2020/8xxx/CVE-2020-8494.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8494", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8494", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kronos.com/products/kronos-webta", + "refsource": "MISC", + "name": "https://www.kronos.com/products/kronos-webta" + }, + { + "url": "http://www.nolanbkennedy.com/post/privilege-escalation-2-in-kronos-web-time-and-attendance-webta", + "refsource": "MISC", + "name": "http://www.nolanbkennedy.com/post/privilege-escalation-2-in-kronos-web-time-and-attendance-webta" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8495.json b/2020/8xxx/CVE-2020-8495.json index 1913eff21e8..0a45c8d6af3 100644 --- a/2020/8xxx/CVE-2020-8495.json +++ b/2020/8xxx/CVE-2020-8495.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8495", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8495", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kronos.com/products/kronos-webta", + "refsource": "MISC", + "name": "https://www.kronos.com/products/kronos-webta" + }, + { + "url": "http://www.nolanbkennedy.com/post/privilege-escalation-in-kronos-web-time-and-attendance-webta", + "refsource": "MISC", + "name": "http://www.nolanbkennedy.com/post/privilege-escalation-in-kronos-web-time-and-attendance-webta" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8496.json b/2020/8xxx/CVE-2020-8496.json index 128c8550a12..4902c06df1c 100644 --- a/2020/8xxx/CVE-2020-8496.json +++ b/2020/8xxx/CVE-2020-8496.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8496", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8496", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kronos.com/products/kronos-webta", + "refsource": "MISC", + "name": "https://www.kronos.com/products/kronos-webta" + }, + { + "url": "http://www.nolanbkennedy.com/post/stored-xss-2-in-kronos-web-time-and-attendance-webta", + "refsource": "MISC", + "name": "http://www.nolanbkennedy.com/post/stored-xss-2-in-kronos-web-time-and-attendance-webta" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:H/PR:H/S:C/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8497.json b/2020/8xxx/CVE-2020-8497.json new file mode 100644 index 00000000000..82fc90b1d52 --- /dev/null +++ b/2020/8xxx/CVE-2020-8497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file