From 8e445a290378122eb0b92d5959f19852e5a89fd0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 29 Jun 2020 17:01:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12049.json | 5 +++ 2020/14xxx/CVE-2020-14068.json | 61 ++++++++++++++++++++++++++++++---- 2020/14xxx/CVE-2020-14069.json | 61 ++++++++++++++++++++++++++++++---- 2020/14xxx/CVE-2020-14070.json | 61 ++++++++++++++++++++++++++++++---- 2020/14xxx/CVE-2020-14071.json | 61 ++++++++++++++++++++++++++++++---- 2020/14xxx/CVE-2020-14072.json | 61 ++++++++++++++++++++++++++++++---- 2020/14xxx/CVE-2020-14412.json | 56 +++++++++++++++++++++++++++---- 2020/14xxx/CVE-2020-14413.json | 56 +++++++++++++++++++++++++++---- 2020/14xxx/CVE-2020-14414.json | 56 +++++++++++++++++++++++++++---- 2020/15xxx/CVE-2020-15354.json | 4 +-- 2020/15xxx/CVE-2020-15355.json | 4 +-- 2020/15xxx/CVE-2020-15356.json | 4 +-- 2020/15xxx/CVE-2020-15362.json | 56 +++++++++++++++++++++++++++---- 13 files changed, 486 insertions(+), 60 deletions(-) diff --git a/2020/12xxx/CVE-2020-12049.json b/2020/12xxx/CVE-2020-12049.json index 8d101b682e8..7a8513d0b6b 100644 --- a/2020/12xxx/CVE-2020-12049.json +++ b/2020/12xxx/CVE-2020-12049.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4398-1", "url": "https://usn.ubuntu.com/4398-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4398-2", + "url": "https://usn.ubuntu.com/4398-2/" } ] } diff --git a/2020/14xxx/CVE-2020-14068.json b/2020/14xxx/CVE-2020-14068.json index 989e8822c4c..cd5a9bb95a5 100644 --- a/2020/14xxx/CVE-2020-14068.json +++ b/2020/14xxx/CVE-2020-14068.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14068", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mk-auth.com.br/page/changelog-1", + "refsource": "MISC", + "name": "http://mk-auth.com.br/page/changelog-1" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20", + "url": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20" } ] } diff --git a/2020/14xxx/CVE-2020-14069.json b/2020/14xxx/CVE-2020-14069.json index 56efdd41f96..df6e6006544 100644 --- a/2020/14xxx/CVE-2020-14069.json +++ b/2020/14xxx/CVE-2020-14069.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14069", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mk-auth.com.br/page/changelog-1", + "refsource": "MISC", + "name": "http://mk-auth.com.br/page/changelog-1" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20", + "url": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20" } ] } diff --git a/2020/14xxx/CVE-2020-14070.json b/2020/14xxx/CVE-2020-14070.json index c3817bebd3d..c284537b73e 100644 --- a/2020/14xxx/CVE-2020-14070.json +++ b/2020/14xxx/CVE-2020-14070.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14070", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mk-auth.com.br/page/changelog-1", + "refsource": "MISC", + "name": "http://mk-auth.com.br/page/changelog-1" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20", + "url": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20" } ] } diff --git a/2020/14xxx/CVE-2020-14071.json b/2020/14xxx/CVE-2020-14071.json index cfe40e5487f..00336789edc 100644 --- a/2020/14xxx/CVE-2020-14071.json +++ b/2020/14xxx/CVE-2020-14071.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14071", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14071", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mk-auth.com.br/page/changelog-1", + "refsource": "MISC", + "name": "http://mk-auth.com.br/page/changelog-1" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20", + "url": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20" } ] } diff --git a/2020/14xxx/CVE-2020-14072.json b/2020/14xxx/CVE-2020-14072.json index 1d4adfc0b50..262a598ed85 100644 --- a/2020/14xxx/CVE-2020-14072.json +++ b/2020/14xxx/CVE-2020-14072.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14072", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14072", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mk-auth.com.br/page/changelog-1", + "refsource": "MISC", + "name": "http://mk-auth.com.br/page/changelog-1" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20", + "url": "https://gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20" } ] } diff --git a/2020/14xxx/CVE-2020-14412.json b/2020/14xxx/CVE-2020-14412.json index b2d78db251c..135a28aa1ba 100644 --- a/2020/14xxx/CVE-2020-14412.json +++ b/2020/14xxx/CVE-2020-14412.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14412", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14412", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/farid007/c0df57620a3cc1fb565bc77a945aa3fd", + "url": "https://gist.github.com/farid007/c0df57620a3cc1fb565bc77a945aa3fd" } ] } diff --git a/2020/14xxx/CVE-2020-14413.json b/2020/14xxx/CVE-2020-14413.json index c8cbff2c835..c21d03cd474 100644 --- a/2020/14xxx/CVE-2020-14413.json +++ b/2020/14xxx/CVE-2020-14413.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14413", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14413", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8", + "url": "https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8" } ] } diff --git a/2020/14xxx/CVE-2020-14414.json b/2020/14xxx/CVE-2020-14414.json index 62ad09d109d..608298b2807 100644 --- a/2020/14xxx/CVE-2020-14414.json +++ b/2020/14xxx/CVE-2020-14414.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14414", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14414", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/farid007/a3d96d305f028d221f729eb6ae681f5a", + "url": "https://gist.github.com/farid007/a3d96d305f028d221f729eb6ae681f5a" } ] } diff --git a/2020/15xxx/CVE-2020-15354.json b/2020/15xxx/CVE-2020-15354.json index b03e4313066..216690ff4ce 100644 --- a/2020/15xxx/CVE-2020-15354.json +++ b/2020/15xxx/CVE-2020-15354.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-15354", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2020/15xxx/CVE-2020-15355.json b/2020/15xxx/CVE-2020-15355.json index 2f1aa4bda8b..b743f005489 100644 --- a/2020/15xxx/CVE-2020-15355.json +++ b/2020/15xxx/CVE-2020-15355.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-15355", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2020/15xxx/CVE-2020-15356.json b/2020/15xxx/CVE-2020-15356.json index 70790ba24d5..e8992ca0bef 100644 --- a/2020/15xxx/CVE-2020-15356.json +++ b/2020/15xxx/CVE-2020-15356.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-15356", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2020/15xxx/CVE-2020-15362.json b/2020/15xxx/CVE-2020-15362.json index 1a52920bbcf..4f6b666fab2 100644 --- a/2020/15xxx/CVE-2020-15362.json +++ b/2020/15xxx/CVE-2020-15362.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15362", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15362", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/thingsSDK/wifiscanner/issues/1", + "refsource": "MISC", + "name": "https://github.com/thingsSDK/wifiscanner/issues/1" } ] }