diff --git a/2020/10xxx/CVE-2020-10630.json b/2020/10xxx/CVE-2020-10630.json
index 12d3bfe1488..602efee7fa2 100644
--- a/2020/10xxx/CVE-2020-10630.json
+++ b/2020/10xxx/CVE-2020-10630.json
@@ -4,14 +4,67 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-10630",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FW-50 RTU, Series: 5 Series"
+ },
+ {
+ "version_value": "CPU-type: CPU-5B"
+ },
+ {
+ "version_value": "Hardware Revision: 2"
+ },
+ {
+ "version_value": "CPLD Revision: 6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/ICSA2012602",
+ "url": "https://www.us-cert.gov/ics/advisories/ICSA2012602"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users."
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10634.json b/2020/10xxx/CVE-2020-10634.json
index 2a94a0896e7..a74007b2cb7 100644
--- a/2020/10xxx/CVE-2020-10634.json
+++ b/2020/10xxx/CVE-2020-10634.json
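Review bot: The reference added in the CVE-2020-10630 hunk, `https://www.us-cert.gov/ics/advisories/ICSA2012602`, looks like an advisory id whose separators were lost, so the link should be checked and corrected before the record goes public; the CVE-2020-10634 hunk adds the same URL. In both records `vendor_name` is `"n/a"` although the vendor is spelled out inside `product_name`, and the four `version_value` entries hold a series, a CPU type, a hardware revision and a CPLD revision, which a consumer will read as four alternative affected versions rather than one configuration. I would set `"vendor_name": "SAE IT-systems"`, keep only the product in `product_name`, and describe the affected build in a single `version_value`, so that asset-inventory matching on the structured fields finds these devices.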
@@ -4,14 +4,67 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-10634",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FW-50 RTU, Series: 5 Series"
+ },
+ {
+ "version_value": "CPU-type: CPU-5B"
+ },
+ {
+ "version_value": "Hardware Revision: 2"
+ },
+ {
+ "version_value": "CPLD Revision: 6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/ICSA2012602",
+ "url": "https://www.us-cert.gov/ics/advisories/ICSA2012602"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible."
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10859.json b/2020/10xxx/CVE-2020-10859.json
index c21ecb9ebfd..84934d5dfad 100644
--- a/2020/10xxx/CVE-2020-10859.json
+++ b/2020/10xxx/CVE-2020-10859.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10859",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10859",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html",
+ "url": "https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11051.json b/2020/11xxx/CVE-2020-11051.json
index bac0fb21baa..784bfc6f9dd 100644
--- a/2020/11xxx/CVE-2020-11051.json
+++ b/2020/11xxx/CVE-2020-11051.json
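Review bot: The `affects` and `problemtype` blocks of the CVE-2020-10859 record are published as `"n/a"` even though the new description names the product, the fixed version (before 10.0.484) and the weakness class (Directory Traversal), so tooling that matches on the structured fields will not find this entry. I would fill `vendor_name`, `product_name` and `version_value` from the description and replace the problemtype placeholder with the path-traversal CWE, for example `"value": "CWE-22"`. The reordering of the top-level keys in the same hunk carries no meaning in JSON and only makes the change harder to read.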
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel.\n\nThe rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor.\n\nThis has been patched in 2.3.81."
+ "value": "In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81."
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11443.json b/2020/11xxx/CVE-2020-11443.json
index 24b04b9f47b..be900a33e88 100644
--- a/2020/11xxx/CVE-2020-11443.json
+++ b/2020/11xxx/CVE-2020-11443.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The MSI installer in Zoom before 4.6.10 on Windows follows Symbolic Links."
+ "value": "The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows",
 "url": "https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.zoom.us/hc/en-us/articles/360043036451",
+ "url": "https://support.zoom.us/hc/en-us/articles/360043036451"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12459.json b/2020/12xxx/CVE-2020-12459.json
index f17a76083b7..53d7e5e53ab 100644
--- a/2020/12xxx/CVE-2020-12459.json
+++ b/2020/12xxx/CVE-2020-12459.json
@@ -57,11 +57,6 @@
 "refsource": "MISC",
 "name": "https://github.com/grafana/grafana/issues/8283"
 },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827765",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1827765"
- },
 {
 "refsource": "CONFIRM",
 "name": "https://access.redhat.com/security/cve/CVE-2020-12459",
@@ -71,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1829724",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829724"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277",
+ "url": "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12662.json b/2020/12xxx/CVE-2020-12662.json
new file mode 100644
index 00000000000..43b0cd0d77c
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12662.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12662",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12663.json b/2020/12xxx/CVE-2020-12663.json
new file mode 100644
index 00000000000..8052b60eb3b
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12663.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12663",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12664.json b/2020/12xxx/CVE-2020-12664.json
new file mode 100644
index 00000000000..46f98ee2e44
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12664.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12664",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12665.json b/2020/12xxx/CVE-2020-12665.json
new file mode 100644
index 00000000000..492ec144313
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12665.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12665",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file