diff --git a/2020/14xxx/CVE-2020-14273.json b/2020/14xxx/CVE-2020-14273.json
index 2076337d9ff..091be9d9e31 100644
--- a/2020/14xxx/CVE-2020-14273.json
+++ b/2020/14xxx/CVE-2020-14273.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14273",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HCL Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Domino",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v10"
+ },
+ {
+ "version_value": "v11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Denial of Service\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085947",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085947"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server."
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25507.json b/2020/25xxx/CVE-2020-25507.json
index 2ebce3087b2..9944ef04319 100644
--- a/2020/25xxx/CVE-2020-25507.json
+++ b/2020/25xxx/CVE-2020-25507.json
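Review bot: The added `problemtype` entry for CVE-2020-14273 stores `"value": "\"Denial of Service\""`, so the string itself carries a pair of literal double quotes that every consumer matching or displaying the problem type will see; it should read `"value": "Denial of Service"`. The new description text also repeats a word (`could could exploit`) and has a number slip (`v10 and v11 is`). The `version_value` entries `v10` and `v11` name whole release lines without a fixed-in build, so this record alone cannot tell a patched server from a vulnerable one. The KB article listed under `references` presumably gives the fixed builds, and they belong in `version_data`.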
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25507",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25507",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.nomagic.com/display/TWCloud190/Installation+on+Linux+using+scripts",
+ "refsource": "MISC",
+ "name": "https://docs.nomagic.com/display/TWCloud190/Installation+on+Linux+using+scripts"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md",
+ "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md"
 }
 ]
 }
 }
diff --git a/2020/26xxx/CVE-2020-26290.json b/2020/26xxx/CVE-2020-26290.json
index 07f98652bb3..2ab920db8c8 100644
--- a/2020/26xxx/CVE-2020-26290.json
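Review bot: The added `affects` and `problemtype` blocks for CVE-2020-25507 are all `n/a`, although the new description names the product and range (No Magic TeamworkCloud 18.0 through 19.0) and the weakness (incorrect permission assignment on /etc/environment). Inventory and scanner tooling that matches on `vendor_name`, `product_name` and `version_value` will therefore never associate this record with an installed product. Fill the structured fields from the description, for example `"vendor_name": "No Magic"`, `"product_name": "TeamworkCloud"` with the 18.0 to 19.0 range in `version_data`, and a problem type such as `"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"`. The same gap is present in the CVE-2020-35730 hunk (Roundcube Webmail before 1.4.10, XSS) and in the new CVE-2020-35766 file (OpenDKIM through 2.10.3, symlink attack on /tmp/testkeys).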
+++ b/2020/26xxx/CVE-2020-26290.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector.\nThe vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library.\nThe vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references)."
+ "value": "Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references)."
 }
 ]
 },
@@ -69,6 +69,26 @@
 },
 "references": {
 "reference_data": [
+ {
+ "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
+ "refsource": "MISC",
+ "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md"
+ },
+ {
+ "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
+ "refsource": "MISC",
+ "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md"
+ },
+ {
+ "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md",
+ "refsource": "MISC",
+ "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md"
+ },
+ {
+ "name": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
+ "refsource": "MISC",
+ "url": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/"
+ },
 {
 "name": "https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5",
 "refsource": "CONFIRM",
@@ -88,26 +108,6 @@
 "name": "https://github.com/dexidp/dex/releases/tag/v2.27.0",
 "refsource": "MISC",
 "url": "https://github.com/dexidp/dex/releases/tag/v2.27.0"
- },
- {
- "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md",
- "refsource": "MISC",
- "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md"
- },
- {
- "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
- "refsource": "MISC",
- "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md"
- },
- {
- "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
- "refsource": "MISC",
- "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md"
- },
- {
- "name": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
- "refsource": "MISC",
- "url": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/"
 }
 ]
 },
diff --git a/2020/35xxx/CVE-2020-35730.json b/2020/35xxx/CVE-2020-35730.json
index b6116273fe3..ddacdc53f9b 100644
--- a/2020/35xxx/CVE-2020-35730.json
+++ b/2020/35xxx/CVE-2020-35730.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35730",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35730",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "linkref_addindex in rcube_string_replacer.php in Roundcube Webmail before 1.4.10 allows XSS via a crafted email message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://roundcube.net/download/",
+ "refsource": "MISC",
+ "name": "https://roundcube.net/download/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10",
+ "url": "https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491"
 }
 ]
 }
 }
diff --git a/2020/35xxx/CVE-2020-35766.json b/2020/35xxx/CVE-2020-35766.json
new file mode 100644
index 00000000000..274eb9a13ed
--- /dev/null
+++ b/2020/35xxx/CVE-2020-35766.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-35766",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the \"A number of self-test programs are included here for unit-testing the library\" situation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/trusteddomainproject/OpenDKIM/issues/113",
+ "refsource": "MISC",
+ "name": "https://github.com/trusteddomainproject/OpenDKIM/issues/113"
+ }
+ ]
+ }
+}
\ No newline at end of file