diff --git a/2020/13xxx/CVE-2020-13942.json b/2020/13xxx/CVE-2020-13942.json
index c398ce73eb2..af6d3c5be9f 100644
--- a/2020/13xxx/CVE-2020-13942.json
+++ b/2020/13xxx/CVE-2020-13942.json
@@ -59,12 +59,33 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "http://unomi.apache.org./security/cve-2020-13942.txt"
+ "refsource": "MISC",
+ "url": "http://unomi.apache.org./security/cve-2020-13942.txt",
+ "name": "http://unomi.apache.org./security/cve-2020-13942.txt"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[unomi-dev] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi",
+ "url": "https://lists.apache.org/thread.html/rcb6d2eafcf15def433aaddfa06738e5faa5060cef2647769e178999a@%3Cdev.unomi.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[unomi-users] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi",
+ "url": "https://lists.apache.org/thread.html/rcb6d2eafcf15def433aaddfa06738e5faa5060cef2647769e178999a@%3Cusers.unomi.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[unomi-users] 20201124 Apache Unomi 1.5.4 Release",
+ "url": "https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[unomi-dev] 20201124 Apache Unomi 1.5.4 Release",
+ "url": "https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cdev.unomi.apache.org%3E"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2020/25xxx/CVE-2020-25640.json b/2020/25xxx/CVE-2020-25640.json
index fc438f9cc51..34b34340b2f 100644
--- a/2020/25xxx/CVE-2020-25640.json
+++ b/2020/25xxx/CVE-2020-25640.json
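Review bot: In CVE-2020-13942.json the vendor advisory reference, now also copied into `name`, still points at `http://unomi.apache.org./security/cve-2020-13942.txt`: the hostname carries a trailing dot and the scheme is plain http. Tools that normalise, deduplicate or allowlist reference hosts will treat `unomi.apache.org.` and `unomi.apache.org` as different names, and an advisory fetched over http can be altered in transit. If the vendor serves the same file over https, prefer `"url": "https://unomi.apache.org/security/cve-2020-13942.txt"` with a matching `name`. The entry is also relabelled from `CONFIRM` to `MISC` although it sits on the vendor's own domain, which loses the signal that this is the vendor's confirmation.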
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-25640",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wildfly",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Wildfly 21.0.0.Final"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "(CWE-209|CWE-532)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
+ "url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file."
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28330.json b/2020/28xxx/CVE-2020-28330.json
index e15d65fbd49..9832e798551 100644
--- a/2020/28xxx/CVE-2020-28330.json
+++ b/2020/28xxx/CVE-2020-28330.json
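Review bot: The structured and free-text version data in CVE-2020-25640.json disagree: `"version_value": "Wildfly 21.0.0.Final"` marks 21.0.0.Final itself as affected, while the description says the flaw is in "WildFly before 21.0.0.Final". Scanners that key on `version_data` would flag the fixed release and miss the older ones; if the description is the accurate side, the field should read along the lines of `"version_value": "before 21.0.0.Final"`. The problem type `"(CWE-209|CWE-532)"` packs two identifiers into one string that CWE-aware tooling is unlikely to parse, so two separate `description` entries, `"CWE-209"` and `"CWE-532"`, would be safer. `vendor_name` is left as `"n/a"` even though the assigner and first reference are Red Hat.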
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28330",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28330",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt",
+ "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28332.json b/2020/28xxx/CVE-2020-28332.json
index 46b8a932759..313f0d3247d 100644
--- a/2020/28xxx/CVE-2020-28332.json
+++ b/2020/28xxx/CVE-2020-28332.json
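Review bot: The `affects` block added to CVE-2020-28330.json sets `vendor_name`, `product_name` and `version_value` all to `"n/a"`, and `problemtype` is `"n/a"` too, although the new description names the vendor, the product, the affected version 2.5.1.8 and the weakness class. Asset-matching and alerting tools that read the structured fields rather than the free text will not associate this record with the device, so operators of affected units may never be notified. The hunks for CVE-2020-28332, CVE-2020-28333 and CVE-2020-28334 have the same gap, with more affected versions listed only in prose. Consider filling the fields from the description, for example `"vendor_name": "Barco"`, `"product_name": "wePresent WiPG-1600W"` and one `version_value` entry per listed version.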
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28332",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28332",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160164/Barco-wePresent-Insecure-Firmware-Image.html",
+ "url": "http://packetstormsecurity.com/files/160164/Barco-wePresent-Insecure-Firmware-Image.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://korelogic.com/Resources/Advisories/KL-001-2020-009.txt",
+ "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-009.txt"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28333.json b/2020/28xxx/CVE-2020-28333.json
index 6cf1771e91d..f9e668a75f7 100644
--- a/2020/28xxx/CVE-2020-28333.json
+++ b/2020/28xxx/CVE-2020-28333.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28333",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28333",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a \"SEID\" token that is appended to the end of URLs in GET requests. Thus the \"SEID\" would be exposed in web proxy logs and browser history. An attacker that is able to capture the \"SEID\" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt",
+ "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28334.json b/2020/28xxx/CVE-2020-28334.json
index c523f8a36d3..4f11ebbb9f4 100644
--- a/2020/28xxx/CVE-2020-28334.json
+++ b/2020/28xxx/CVE-2020-28334.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28334",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28334",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/160163/Barco-wePresent-Global-Hardcoded-Root-SSH-Password.html",
+ "url": "http://packetstormsecurity.com/files/160163/Barco-wePresent-Global-Hardcoded-Root-SSH-Password.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt",
+ "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29048.json b/2020/29xxx/CVE-2020-29048.json
new file mode 100644
index 00000000000..e1d2f19ba53
--- /dev/null
+++ b/2020/29xxx/CVE-2020-29048.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-29048",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/29xxx/CVE-2020-29049.json b/2020/29xxx/CVE-2020-29049.json
new file mode 100644
index 00000000000..cbe62f87f42
--- /dev/null
+++ b/2020/29xxx/CVE-2020-29049.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-29049",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file