diff --git a/2020/10xxx/CVE-2020-10806.json b/2020/10xxx/CVE-2020-10806.json
new file mode 100644
index 00000000000..d4a9a316174
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10806.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10806",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads",
+ "refsource": "MISC",
+ "name": "https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10807.json b/2020/10xxx/CVE-2020-10807.json
new file mode 100644
index 00000000000..b9e37bc7db7
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10807.json
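Review bot: The `affects` block of CVE-2020-10806 leaves `vendor_name`, `product_name` and `version_value` as `"n/a"` even though the description names eZ Publish Kernel and eZ Publish Legacy with exact fixed versions, so scanners and feeds that match on the structured fields will not tie this record to an installed product. Filling them in, e.g. `"product_name": "eZ Publish Kernel"` with one `version_data` entry per fixed branch, would make the record machine-matchable. `problemtype` is also `"n/a"`; the description reads like an unrestricted upload of executable files, which would presumably map to CWE-434, to be confirmed against the vendor advisory. The same two gaps apply to the CVE-2020-10807 hunk (Caldera before 2.6.5, authentication bypass via the Host header). Both files also end without a trailing newline.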
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10807",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged \"localhost\" string in the HTTP Host header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mitre/caldera/issues/1405",
+ "refsource": "MISC",
+ "name": "https://github.com/mitre/caldera/issues/1405"
+ },
+ {
+ "url": "https://github.com/mitre/caldera/pull/1407",
+ "refsource": "MISC",
+ "name": "https://github.com/mitre/caldera/pull/1407"
+ },
+ {
+ "url": "https://github.com/mitre/caldera/compare/2.6.4...2.6.5",
+ "refsource": "MISC",
+ "name": "https://github.com/mitre/caldera/compare/2.6.4...2.6.5"
+ },
+ {
+ "url": "https://github.com/mitre/caldera/releases/tag/2.6.5",
+ "refsource": "MISC",
+ "name": "https://github.com/mitre/caldera/releases/tag/2.6.5"
+ }
+ ]
+ }
+}
\ No newline at end of file