diff --git a/2020/10xxx/CVE-2020-10720.json b/2020/10xxx/CVE-2020-10720.json index cafa429eda5..91c53e12f94 100644 --- a/2020/10xxx/CVE-2020-10720.json +++ b/2020/10xxx/CVE-2020-10720.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Kernel versions before 5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1781204", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781204" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4270d6795b0580287453ea55974d948393e66ef", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4270d6795b0580287453ea55974d948393e66ef" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel\u2019s implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system." } ] } diff --git a/2020/10xxx/CVE-2020-10967.json b/2020/10xxx/CVE-2020-10967.json index e76470e77b2..dcd15dedd18 100644 --- a/2020/10xxx/CVE-2020-10967.json +++ b/2020/10xxx/CVE-2020-10967.json @@ -101,6 +101,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-b60344c987", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-cd8b8f887b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/" } ] }, diff --git a/2020/11xxx/CVE-2020-11579.json b/2020/11xxx/CVE-2020-11579.json index 4c1aa0989d4..bf42c23a685 100644 --- a/2020/11xxx/CVE-2020-11579.json +++ b/2020/11xxx/CVE-2020-11579.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11579", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11579", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.knowledgebase-script.com/", + "refsource": "MISC", + "name": "https://www.knowledgebase-script.com/" + }, + { + "url": "https://shielder.it/", + "refsource": "MISC", + "name": "https://shielder.it/" + }, + { + "refsource": "MISC", + "name": "https://github.com/ShielderSec/CVE-2020-11579", + "url": "https://github.com/ShielderSec/CVE-2020-11579" + }, + { + "refsource": "MISC", + "name": "https://www.shielder.it/blog/mysql-and-cve-2020-11579-exploitation/", + "url": "https://www.shielder.it/blog/mysql-and-cve-2020-11579-exploitation/" } ] } diff --git a/2020/11xxx/CVE-2020-11984.json b/2020/11xxx/CVE-2020-11984.json index 88d2e38a94a..e97808b984f 100644 --- a/2020/11xxx/CVE-2020-11984.json +++ b/2020/11xxx/CVE-2020-11984.json @@ -133,6 +133,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200902 [SECURITY] [DLA 2362-1] uwsgi security update", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-0d3d3f5072", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" } ] }, diff --git a/2020/11xxx/CVE-2020-11985.json b/2020/11xxx/CVE-2020-11985.json index d79ca9451f0..23b6b39b90e 100644 --- a/2020/11xxx/CVE-2020-11985.json +++ b/2020/11xxx/CVE-2020-11985.json @@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-189a1e6c3e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-0d3d3f5072", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" } ] }, diff --git a/2020/12xxx/CVE-2020-12100.json b/2020/12xxx/CVE-2020-12100.json index 1ee66ff0dfa..2d88fe61895 100644 --- a/2020/12xxx/CVE-2020-12100.json +++ b/2020/12xxx/CVE-2020-12100.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4456-2", "url": "https://usn.ubuntu.com/4456-2/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-cd8b8f887b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/" } ] } diff --git a/2020/12xxx/CVE-2020-12673.json b/2020/12xxx/CVE-2020-12673.json index 757ee1eafd2..3ded33ac671 100644 --- a/2020/12xxx/CVE-2020-12673.json +++ b/2020/12xxx/CVE-2020-12673.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:1262", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-cd8b8f887b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/" } ] } diff --git a/2020/12xxx/CVE-2020-12674.json b/2020/12xxx/CVE-2020-12674.json index 425df3199e7..186ff2b05ed 100644 --- a/2020/12xxx/CVE-2020-12674.json +++ b/2020/12xxx/CVE-2020-12674.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:1262", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-cd8b8f887b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/" } ] } diff --git a/2020/14xxx/CVE-2020-14373.json b/2020/14xxx/CVE-2020-14373.json index 6163ce3e1b9..8edf69d39f5 100644 --- a/2020/14xxx/CVE-2020-14373.json +++ b/2020/14xxx/CVE-2020-14373.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ghostscript", + "version": { + "version_data": [ + { + "version_value": "9.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f", + "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f" + }, + { + "refsource": "MISC", + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=702851", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702851" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service." } ] } diff --git a/2020/15xxx/CVE-2020-15810.json b/2020/15xxx/CVE-2020-15810.json index 81b5b038b00..5057678c853 100644 --- a/2020/15xxx/CVE-2020-15810.json +++ b/2020/15xxx/CVE-2020-15810.json @@ -66,6 +66,11 @@ "refsource": "UBUNTU", "name": "USN-4477-1", "url": "https://usn.ubuntu.com/4477-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73af8655eb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" } ] } diff --git a/2020/15xxx/CVE-2020-15811.json b/2020/15xxx/CVE-2020-15811.json index 1bdaedaf37c..c6ecbf708d9 100644 --- a/2020/15xxx/CVE-2020-15811.json +++ b/2020/15xxx/CVE-2020-15811.json @@ -66,6 +66,11 @@ "refsource": "UBUNTU", "name": "USN-4477-1", "url": "https://usn.ubuntu.com/4477-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73af8655eb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" } ] } diff --git a/2020/1xxx/CVE-2020-1927.json b/2020/1xxx/CVE-2020-1927.json index a8e46307c28..d7813a48a28 100644 --- a/2020/1xxx/CVE-2020-1927.json +++ b/2020/1xxx/CVE-2020-1927.json @@ -108,6 +108,11 @@ "refsource": "DEBIAN", "name": "DSA-4757", "url": "https://www.debian.org/security/2020/dsa-4757" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-0d3d3f5072", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" } ] }, diff --git a/2020/1xxx/CVE-2020-1934.json b/2020/1xxx/CVE-2020-1934.json index 911d4af071f..45f5af411a4 100644 --- a/2020/1xxx/CVE-2020-1934.json +++ b/2020/1xxx/CVE-2020-1934.json @@ -93,6 +93,11 @@ "refsource": "DEBIAN", "name": "DSA-4757", "url": "https://www.debian.org/security/2020/dsa-4757" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-0d3d3f5072", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" } ] }, diff --git a/2020/23xxx/CVE-2020-23938.json b/2020/23xxx/CVE-2020-23938.json index bca89ce7c7f..eeca5dbd869 100644 --- a/2020/23xxx/CVE-2020-23938.json +++ b/2020/23xxx/CVE-2020-23938.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 4.0.8.3 can cause a denial of service via crafted 0x82000028 IOCTL call." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. This candidate was erroneously published without a public reference containing the required information." } ] } diff --git a/2020/24xxx/CVE-2020-24193.json b/2020/24xxx/CVE-2020-24193.json index 4c06eb7df51..352ba272377 100644 --- a/2020/24xxx/CVE-2020-24193.json +++ b/2020/24xxx/CVE-2020-24193.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24193", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24193", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sourcecodetester.com", + "refsource": "MISC", + "name": "http://sourcecodetester.com" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48787", + "url": "https://www.exploit-db.com/exploits/48787" } ] } diff --git a/2020/24xxx/CVE-2020-24212.json b/2020/24xxx/CVE-2020-24212.json index dad2c6affa4..8b4d0f1b334 100644 --- a/2020/24xxx/CVE-2020-24212.json +++ b/2020/24xxx/CVE-2020-24212.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "**REJECTED**Kaldin 4.0 is affected by: Insecure Permissions. The impact is: gain privileges (remote). The attack vector is: The affected URLs should be opened." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. This candidate was erroneously published without a public reference containing the required information." } ] } diff --git a/2020/24xxx/CVE-2020-24370.json b/2020/24xxx/CVE-2020-24370.json index fd3ac82a6b8..02769b45fb1 100644 --- a/2020/24xxx/CVE-2020-24370.json +++ b/2020/24xxx/CVE-2020-24370.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-d7ed9f18ff", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-c83556709c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/" } ] } diff --git a/2020/24xxx/CVE-2020-24606.json b/2020/24xxx/CVE-2020-24606.json index b4e9d942384..1d55f789597 100644 --- a/2020/24xxx/CVE-2020-24606.json +++ b/2020/24xxx/CVE-2020-24606.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4477-1", "url": "https://usn.ubuntu.com/4477-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73af8655eb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" } ] }, diff --git a/2020/25xxx/CVE-2020-25115.json b/2020/25xxx/CVE-2020-25115.json new file mode 100644 index 00000000000..1d440e81493 --- /dev/null +++ b/2020/25xxx/CVE-2020-25115.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25116.json b/2020/25xxx/CVE-2020-25116.json new file mode 100644 index 00000000000..836c99d04bf --- /dev/null +++ b/2020/25xxx/CVE-2020-25116.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25117.json b/2020/25xxx/CVE-2020-25117.json new file mode 100644 index 00000000000..111d82f79ba --- /dev/null +++ b/2020/25xxx/CVE-2020-25117.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25118.json b/2020/25xxx/CVE-2020-25118.json new file mode 100644 index 00000000000..fa7bbf3ed88 --- /dev/null +++ b/2020/25xxx/CVE-2020-25118.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25119.json b/2020/25xxx/CVE-2020-25119.json new file mode 100644 index 00000000000..aaa1a552843 --- /dev/null +++ b/2020/25xxx/CVE-2020-25119.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25120.json b/2020/25xxx/CVE-2020-25120.json new file mode 100644 index 00000000000..487c6815206 --- /dev/null +++ b/2020/25xxx/CVE-2020-25120.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25121.json b/2020/25xxx/CVE-2020-25121.json new file mode 100644 index 00000000000..db6b11deebc --- /dev/null +++ b/2020/25xxx/CVE-2020-25121.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25122.json b/2020/25xxx/CVE-2020-25122.json new file mode 100644 index 00000000000..3fa81dcbe0b --- /dev/null +++ b/2020/25xxx/CVE-2020-25122.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25123.json b/2020/25xxx/CVE-2020-25123.json new file mode 100644 index 00000000000..da6dc2df21c --- /dev/null +++ b/2020/25xxx/CVE-2020-25123.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25124.json b/2020/25xxx/CVE-2020-25124.json new file mode 100644 index 00000000000..c485cd8db1e --- /dev/null +++ b/2020/25xxx/CVE-2020-25124.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html", + "refsource": "MISC", + "name": "https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25125.json b/2020/25xxx/CVE-2020-25125.json new file mode 100644 index 00000000000..7599cff9ed9 --- /dev/null +++ b/2020/25xxx/CVE-2020-25125.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-25125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034", + "refsource": "MISC", + "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034" + }, + { + "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc", + "refsource": "MISC", + "name": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc" + }, + { + "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html", + "refsource": "MISC", + "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html" + }, + { + "url": "https://dev.gnupg.org/T5050", + "refsource": "MISC", + "name": "https://dev.gnupg.org/T5050" + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9199.json b/2020/9xxx/CVE-2020-9199.json index c7cf832f777..9826f4060dc 100644 --- a/2020/9xxx/CVE-2020-9199.json +++ b/2020/9xxx/CVE-2020-9199.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "B2368-22;B2368-57;B2368-66", + "version": { + "version_data": [ + { + "version_value": "V100R001C00" + }, + { + "version_value": "V100R001C00" + }, + { + "version_value": "V100R001C00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device." } ] }