diff --git a/2017/16xxx/CVE-2017-16544.json b/2017/16xxx/CVE-2017-16544.json
index ea1de9443e7..1f6d7ac8dc4 100644
--- a/2017/16xxx/CVE-2017-16544.json
+++ b/2017/16xxx/CVE-2017-16544.json
@@ -116,6 +116,11 @@
 "refsource": "FULLDISC",
 "name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
 "url": "http://seclists.org/fulldisclosure/2020/Aug/20"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10700.json b/2020/10xxx/CVE-2020-10700.json
index 2ae946cc733..29c8a02ad84 100644
--- a/2020/10xxx/CVE-2020-10700.json
+++ b/2020/10xxx/CVE-2020-10700.json
@@ -84,6 +84,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-15",
 "url": "https://security.gentoo.org/glsa/202007-15"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1313",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10704.json b/2020/10xxx/CVE-2020-10704.json
index 9ca953cd70b..eb69bd4efa5 100644
--- a/2020/10xxx/CVE-2020-10704.json
+++ b/2020/10xxx/CVE-2020-10704.json
@@ -79,6 +79,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-15",
 "url": "https://security.gentoo.org/glsa/202007-15"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1313",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10730.json b/2020/10xxx/CVE-2020-10730.json
index 73bce642188..08052c06067 100644
--- a/2020/10xxx/CVE-2020-10730.json
+++ b/2020/10xxx/CVE-2020-10730.json
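Review bot: The reference added in the CVE-2020-10700.json hunk uses a plain-HTTP URL (`http://lists.opensuse.org/...`), while the Gentoo reference just above it in the same list uses HTTPS. The same scheme is added in the other openSUSE-SU-2020:1313 and openSUSE-SU-2020:1312 hunks and in the oss-security references (`http://www.openwall.com/...`) of the Jenkins hunks. Consumers that fetch referenced advisories automatically get no transport integrity on these links. If the hosts serve the same paths over TLS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"` and the matching `https://www.openwall.com/...` form.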
@@ -78,6 +78,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1121",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1313",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10745.json b/2020/10xxx/CVE-2020-10745.json
index 1f58d758f3a..604addb5f98 100644
--- a/2020/10xxx/CVE-2020-10745.json
+++ b/2020/10xxx/CVE-2020-10745.json
@@ -73,6 +73,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-15",
 "url": "https://security.gentoo.org/glsa/202007-15"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1313",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10760.json b/2020/10xxx/CVE-2020-10760.json
index d194cb569d6..aa2a16e9bdc 100644
--- a/2020/10xxx/CVE-2020-10760.json
+++ b/2020/10xxx/CVE-2020-10760.json
@@ -78,6 +78,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-15",
 "url": "https://security.gentoo.org/glsa/202007-15"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1313",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14303.json b/2020/14xxx/CVE-2020-14303.json
index 72980f86a34..544e444716c 100644
--- a/2020/14xxx/CVE-2020-14303.json
+++ b/2020/14xxx/CVE-2020-14303.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4454-1",
 "url": "https://usn.ubuntu.com/4454-1/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1313",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14349.json b/2020/14xxx/CVE-2020-14349.json
index a0eb9fc75c9..f6f82be54f3 100644
--- a/2020/14xxx/CVE-2020-14349.json
+++ b/2020/14xxx/CVE-2020-14349.json
@@ -73,6 +73,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4472-1",
 "url": "https://usn.ubuntu.com/4472-1/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1312",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14350.json b/2020/14xxx/CVE-2020-14350.json
index 1ffe3ec2727..814a0f4102d 100644
--- a/2020/14xxx/CVE-2020-14350.json
+++ b/2020/14xxx/CVE-2020-14350.json
@@ -83,6 +83,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4472-1",
 "url": "https://usn.ubuntu.com/4472-1/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1312",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html"
 }
 ]
 },
diff --git a/2020/24xxx/CVE-2020-24034.json b/2020/24xxx/CVE-2020-24034.json
index bb9c2787620..45606c84a5f 100644
--- a/2020/24xxx/CVE-2020-24034.json
+++ b/2020/24xxx/CVE-2020-24034.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24034",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24034",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.sagemcom.com/fr/haut-debit",
+ "refsource": "MISC",
+ "name": "https://support.sagemcom.com/fr/haut-debit"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2020/Sep/3",
+ "url": "https://seclists.org/fulldisclosure/2020/Sep/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2238.json b/2020/2xxx/CVE-2020-2238.json
index b7178d8fbe9..257bba80a8c 100644
--- a/2020/2xxx/CVE-2020-2238.json
+++ b/2020/2xxx/CVE-2020-2238.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1884",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1884",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2239.json b/2020/2xxx/CVE-2020-2239.json
index 7ebf4ad47bd..b779f3b96ff 100644
--- a/2020/2xxx/CVE-2020-2239.json
+++ b/2020/2xxx/CVE-2020-2239.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1625",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1625",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2240.json b/2020/2xxx/CVE-2020-2240.json
index 613a4decbbf..451682c8004 100644
--- a/2020/2xxx/CVE-2020-2240.json
+++ b/2020/2xxx/CVE-2020-2240.json
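Review bot: The new `affects` block in CVE-2020-24034.json leaves `vendor_name`, `product_name` and `version_value` at `"n/a"`, and the problemtype value is also `"n/a"`, although the description names the vendor, model and firmware (Sagemcom F@ST 5280, 1.150.61) and the weakness (insecure deserialization). Tooling that matches on the structured fields will not associate this record with the device, so only free-text search finds it. Populate them from the description, e.g. `"vendor_name": "Sagemcom"`, `"product_name": "F@ST 5280"`, `"version_value": "1.150.61"`, and give the problemtype a value such as `"Insecure deserialization"`.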
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1023",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1023",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2241.json b/2020/2xxx/CVE-2020-2241.json
index b09629bd85a..8c074fdbd3f 100644
--- a/2020/2xxx/CVE-2020-2241.json
+++ b/2020/2xxx/CVE-2020-2241.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1024",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1024",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2242.json b/2020/2xxx/CVE-2020-2242.json
index ba2d44e3b5c..c3d1e4708db 100644
--- a/2020/2xxx/CVE-2020-2242.json
+++ b/2020/2xxx/CVE-2020-2242.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1024",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1024",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2243.json b/2020/2xxx/CVE-2020-2243.json
index 30e452472d3..806049e23af 100644
--- a/2020/2xxx/CVE-2020-2243.json
+++ b/2020/2xxx/CVE-2020-2243.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1936",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1936",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2244.json b/2020/2xxx/CVE-2020-2244.json
index af3e92da931..49b49aac3fd 100644
--- a/2020/2xxx/CVE-2020-2244.json
+++ b/2020/2xxx/CVE-2020-2244.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1770",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1770",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2245.json b/2020/2xxx/CVE-2020-2245.json
index d529cc49636..59dad0a419e 100644
--- a/2020/2xxx/CVE-2020-2245.json
+++ b/2020/2xxx/CVE-2020-2245.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1829",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1829",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2246.json b/2020/2xxx/CVE-2020-2246.json
index 5ec78199362..cbe1503ecc7 100644
--- a/2020/2xxx/CVE-2020-2246.json
+++ b/2020/2xxx/CVE-2020-2246.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1830",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1830",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2247.json b/2020/2xxx/CVE-2020-2247.json
index e6e532e1e60..5a31c910097 100644
--- a/2020/2xxx/CVE-2020-2247.json
+++ b/2020/2xxx/CVE-2020-2247.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1831",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1831",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2248.json b/2020/2xxx/CVE-2020-2248.json
index c1881c13b39..6a13f15a77c 100644
--- a/2020/2xxx/CVE-2020-2248.json
+++ b/2020/2xxx/CVE-2020-2248.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1905",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1905",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2249.json b/2020/2xxx/CVE-2020-2249.json
index 9b65ac3f8f5..3cd323127bd 100644
--- a/2020/2xxx/CVE-2020-2249.json
+++ b/2020/2xxx/CVE-2020-2249.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1506",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1506",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2250.json b/2020/2xxx/CVE-2020-2250.json
index 030f4161d56..2cabcd4db95 100644
--- a/2020/2xxx/CVE-2020-2250.json
+++ b/2020/2xxx/CVE-2020-2250.json
@@ -57,6 +57,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(1)",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(1)",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2251.json b/2020/2xxx/CVE-2020-2251.json
index 3044b1ccbf8..0b1aa40ddc3 100644
--- a/2020/2xxx/CVE-2020-2251.json
+++ b/2020/2xxx/CVE-2020-2251.json
@@ -61,6 +61,11 @@
 "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(2)",
 "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(2)",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6136.json b/2020/6xxx/CVE-2020-6136.json
index b74656d2731..8f94e5737ef 100644
--- a/2020/6xxx/CVE-2020-6136.json
+++ b/2020/6xxx/CVE-2020-6136.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6136",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4Ed",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1079",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1079"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6141.json b/2020/6xxx/CVE-2020-6141.json
index e7978597395..5cebe396128 100644
--- a/2020/6xxx/CVE-2020-6141.json
+++ b/2020/6xxx/CVE-2020-6141.json
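Review bot: In the CVE-2020-6136.json hunk the structured product fields are misaligned: `vendor_name` is `"n/a"`, `product_name` holds the vendor (`"OS4Ed"`), and `version_value` holds the whole product string (`"OS4Ed openSIS 7.3"`). Vendor/product/version matching will therefore miss openSIS 7.3 even though the description identifies it. The same values are added in the CVE-2020-6141.json hunk. Suggested: `"vendor_name": "OS4Ed"`, `"product_name": "openSIS"`, `"version_value": "7.3"`.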
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6141",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4Ed",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1081",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1081"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability."
 }
 ]
 }
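Review bot: The problemtype value added in CVE-2020-6141.json is `"SQL injection\""`, which decodes to `SQL injection"` with a stray trailing quote; the sibling record CVE-2020-6136 uses `"SQL injection"`. Consumers that group or filter by exact problem-type string will treat the two as different weaknesses. Change the line to `"value": "SQL injection"`.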