diff --git a/2020/0xxx/CVE-2020-0787.json b/2020/0xxx/CVE-2020-0787.json index 68e3ddbf42f..567c3f8c8cf 100644 --- a/2020/0xxx/CVE-2020-0787.json +++ b/2020/0xxx/CVE-2020-0787.json @@ -245,6 +245,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html" } ] } diff --git a/2020/0xxx/CVE-2020-0796.json b/2020/0xxx/CVE-2020-0796.json index 7725d36eeac..dedf692a752 100644 --- a/2020/0xxx/CVE-2020-0796.json +++ b/2020/0xxx/CVE-2020-0796.json @@ -151,6 +151,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html" } ] } diff --git a/2020/12xxx/CVE-2020-12695.json b/2020/12xxx/CVE-2020-12695.json index 267f38bebf8..57894300c15 100644 --- a/2020/12xxx/CVE-2020-12695.json +++ b/2020/12xxx/CVE-2020-12695.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://github.com/yunuscadirci/CallStranger", "url": "https://github.com/yunuscadirci/CallStranger" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html", + "url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html" } ] } diff --git a/2020/12xxx/CVE-2020-12725.json b/2020/12xxx/CVE-2020-12725.json index a87d45458e2..4c5ccba05f4 100644 --- a/2020/12xxx/CVE-2020-12725.json +++ b/2020/12xxx/CVE-2020-12725.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12725", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12725", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the \"JSON\" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.redash.io", + "refsource": "MISC", + "name": "https://blog.redash.io" + }, + { + "url": "https://github.com/getredash/redash/commits/master", + "refsource": "MISC", + "name": "https://github.com/getredash/redash/commits/master" + }, + { + "refsource": "MISC", + "name": "https://github.com/getredash/redash/issues/4869", + "url": "https://github.com/getredash/redash/issues/4869" } ] } diff --git a/2020/13xxx/CVE-2020-13702.json b/2020/13xxx/CVE-2020-13702.json index 3b3f234e637..d88ded16366 100644 --- a/2020/13xxx/CVE-2020-13702.json +++ b/2020/13xxx/CVE-2020-13702.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13702", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13702", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf", + "url": "https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14035.json b/2020/14xxx/CVE-2020-14035.json new file mode 100644 index 00000000000..93add0979f4 --- /dev/null +++ b/2020/14xxx/CVE-2020-14035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14036.json b/2020/14xxx/CVE-2020-14036.json new file mode 100644 index 00000000000..75d580206ff --- /dev/null +++ b/2020/14xxx/CVE-2020-14036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14037.json b/2020/14xxx/CVE-2020-14037.json new file mode 100644 index 00000000000..319d6f1f7f8 --- /dev/null +++ b/2020/14xxx/CVE-2020-14037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14038.json b/2020/14xxx/CVE-2020-14038.json new file mode 100644 index 00000000000..8432f69c0f1 --- /dev/null +++ b/2020/14xxx/CVE-2020-14038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-14038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1206.json b/2020/1xxx/CVE-2020-1206.json index e4864dee581..48c67618852 100644 --- a/2020/1xxx/CVE-2020-1206.json +++ b/2020/1xxx/CVE-2020-1206.json @@ -166,6 +166,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/158053/SMBleed-Uninitialized-Kernel-Memory-Read-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/158053/SMBleed-Uninitialized-Kernel-Memory-Read-Proof-Of-Concept.html" } ] }