From a29b22a29a00ea3b529c9d6832f03ddabb7ee653 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 15 May 2020 17:01:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15083.json | 5 +++ 2020/11xxx/CVE-2020-11521.json | 66 ++++++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11522.json | 66 ++++++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11523.json | 66 ++++++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11524.json | 66 ++++++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11525.json | 71 +++++++++++++++++++++++++++++++--- 2020/11xxx/CVE-2020-11526.json | 66 ++++++++++++++++++++++++++++--- 2020/12xxx/CVE-2020-12685.json | 61 ++++++++++++++++++++++++++--- 2020/12xxx/CVE-2020-12720.json | 5 +++ 2020/12xxx/CVE-2020-12762.json | 5 +++ 2020/12xxx/CVE-2020-12834.json | 56 ++++++++++++++++++++++++--- 2020/12xxx/CVE-2020-12888.json | 18 +++++++++ 12 files changed, 503 insertions(+), 48 deletions(-) create mode 100644 2020/12xxx/CVE-2020-12888.json diff --git a/2019/15xxx/CVE-2019-15083.json b/2019/15xxx/CVE-2019-15083.json index 9afe3832453..fb6cbd5383a 100644 --- a/2019/15xxx/CVE-2019-15083.json +++ b/2019/15xxx/CVE-2019-15083.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105", "url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html" } ] } diff --git a/2020/11xxx/CVE-2020-11521.json b/2020/11xxx/CVE-2020-11521.json index 40c3b2a7b64..88a2e7573b2 100644 --- a/2020/11xxx/CVE-2020-11521.json +++ b/2020/11xxx/CVE-2020-11521.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11521", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11521", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreeRDP/FreeRDP/commits/master", + "refsource": "MISC", + "name": "https://github.com/FreeRDP/FreeRDP/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w" + }, + { + "refsource": "CONFIRM", + "name": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf", + "url": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf" } ] } diff --git a/2020/11xxx/CVE-2020-11522.json b/2020/11xxx/CVE-2020-11522.json index e78867389d2..247e3efec75 100644 --- a/2020/11xxx/CVE-2020-11522.json +++ b/2020/11xxx/CVE-2020-11522.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11522", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11522", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreeRDP/FreeRDP/commits/master", + "refsource": "MISC", + "name": "https://github.com/FreeRDP/FreeRDP/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh" + }, + { + "refsource": "CONFIRM", + "name": "https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf", + "url": "https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf" } ] } diff --git a/2020/11xxx/CVE-2020-11523.json b/2020/11xxx/CVE-2020-11523.json index 6f1b8fa04fc..6e8a212c767 100644 --- a/2020/11xxx/CVE-2020-11523.json +++ b/2020/11xxx/CVE-2020-11523.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11523", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11523", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreeRDP/FreeRDP/commits/master", + "refsource": "MISC", + "name": "https://github.com/FreeRDP/FreeRDP/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42" + }, + { + "refsource": "CONFIRM", + "name": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf", + "url": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf" } ] } diff --git a/2020/11xxx/CVE-2020-11524.json b/2020/11xxx/CVE-2020-11524.json index cccc394cb95..78a31615245 100644 --- a/2020/11xxx/CVE-2020-11524.json +++ b/2020/11xxx/CVE-2020-11524.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11524", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11524", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreeRDP/FreeRDP/commits/master", + "refsource": "MISC", + "name": "https://github.com/FreeRDP/FreeRDP/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw" + }, + { + "refsource": "CONFIRM", + "name": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf", + "url": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf" } ] } diff --git a/2020/11xxx/CVE-2020-11525.json b/2020/11xxx/CVE-2020-11525.json index 8fe7277b789..1781e733b3a 100644 --- a/2020/11xxx/CVE-2020-11525.json +++ b/2020/11xxx/CVE-2020-11525.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11525", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11525", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreeRDP/FreeRDP/commits/master", + "refsource": "MISC", + "name": "https://github.com/FreeRDP/FreeRDP/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c", + "url": "https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg" + }, + { + "refsource": "CONFIRM", + "name": "https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf", + "url": "https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf" } ] } diff --git a/2020/11xxx/CVE-2020-11526.json b/2020/11xxx/CVE-2020-11526.json index fd6d3d9b7f0..3508cdf663f 100644 --- a/2020/11xxx/CVE-2020-11526.json +++ b/2020/11xxx/CVE-2020-11526.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11526", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11526", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreeRDP/FreeRDP/commits/master", + "refsource": "MISC", + "name": "https://github.com/FreeRDP/FreeRDP/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9" + }, + { + "refsource": "CONFIRM", + "name": "https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf", + "url": "https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf" } ] } diff --git a/2020/12xxx/CVE-2020-12685.json b/2020/12xxx/CVE-2020-12685.json index 62b8859f5b5..475a5605aa5 100644 --- a/2020/12xxx/CVE-2020-12685.json +++ b/2020/12xxx/CVE-2020-12685.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12685", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12685", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.interchangecommerce.org", + "refsource": "MISC", + "name": "https://www.interchangecommerce.org" + }, + { + "refsource": "CONFIRM", + "name": "https://www.interchangecommerce.org/i/dev/news?mv_arg=00064", + "url": "https://www.interchangecommerce.org/i/dev/news?mv_arg=00064" } ] } diff --git a/2020/12xxx/CVE-2020-12720.json b/2020/12xxx/CVE-2020-12720.json index 4743261283a..e1bf00640e1 100644 --- a/2020/12xxx/CVE-2020-12720.json +++ b/2020/12xxx/CVE-2020-12720.json @@ -56,6 +56,11 @@ "url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1", "refsource": "MISC", "name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html" } ] } diff --git a/2020/12xxx/CVE-2020-12762.json b/2020/12xxx/CVE-2020-12762.json index 04e015352fc..1ca18a212ac 100644 --- a/2020/12xxx/CVE-2020-12762.json +++ b/2020/12xxx/CVE-2020-12762.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://github.com/json-c/json-c/pull/592", "url": "https://github.com/json-c/json-c/pull/592" + }, + { + "refsource": "MISC", + "name": "https://github.com/rsyslog/libfastjson/issues/161", + "url": "https://github.com/rsyslog/libfastjson/issues/161" } ] } diff --git a/2020/12xxx/CVE-2020-12834.json b/2020/12xxx/CVE-2020-12834.json index 112c295bfe9..1d26309eb33 100644 --- a/2020/12xxx/CVE-2020-12834.json +++ b/2020/12xxx/CVE-2020-12834.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12834", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12834", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://psytester.github.io/CVE-2020-12834/", + "refsource": "MISC", + "name": "https://psytester.github.io/CVE-2020-12834/" } ] } diff --git a/2020/12xxx/CVE-2020-12888.json b/2020/12xxx/CVE-2020-12888.json new file mode 100644 index 00000000000..887fb21d5da --- /dev/null +++ b/2020/12xxx/CVE-2020-12888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file