"-Synchronized-Data."

2025-06-19 17:32:41 +00:00 · 2020-12-29 22:01:54 +00:00 · 2020-12-29 22:01:54 +00:00 · a9b31df2d8
commit a9b31df2d8
parent 346a394e4a
5 changed files with 21 additions and 1 deletions
--- a/2018/7xxx/CVE-2018-7580.json
+++ b/2018/7xxx/CVE-2018-7580.json
@ -61,6 +61,11 @@
                "refsource": "FULLDISC",
                "name": "20201225 [CVE-2018-7580] - Philips Hue Denial of Service",
                "url": "http://seclists.org/fulldisclosure/2020/Dec/51"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html",
+                "url": "http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html"
            }
        ]
    }
--- a/2020/25xxx/CVE-2020-25200.json
+++ b/2020/25xxx/CVE-2020-25200.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely."
+                "value": "** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design."
            }
        ]
    },
--- a/2020/29xxx/CVE-2020-29550.json
+++ b/2020/29xxx/CVE-2020-29550.json
@ -66,6 +66,11 @@
                "refsource": "FULLDISC",
                "name": "20201225 SYSS-2020-042 Urve - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)",
                "url": "http://seclists.org/fulldisclosure/2020/Dec/49"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/160726/URVE-Software-Build-24.03.2020-Information-Disclosure.html",
+                "url": "http://packetstormsecurity.com/files/160726/URVE-Software-Build-24.03.2020-Information-Disclosure.html"
            }
        ]
    }
--- a/2020/29xxx/CVE-2020-29551.json
+++ b/2020/29xxx/CVE-2020-29551.json
@ -66,6 +66,11 @@
                "refsource": "FULLDISC",
                "name": "20201225 SYSS-2020-041 Urve - Missing Authorization (CWE-862)",
                "url": "http://seclists.org/fulldisclosure/2020/Dec/48"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/160725/URVE-Software-Build-24.03.2020-Missing-Authorization.html",
+                "url": "http://packetstormsecurity.com/files/160725/URVE-Software-Build-24.03.2020-Missing-Authorization.html"
            }
        ]
    }
--- a/2020/29xxx/CVE-2020-29552.json
+++ b/2020/29xxx/CVE-2020-29552.json
@ -66,6 +66,11 @@
                "refsource": "FULLDISC",
                "name": "20201225 SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306)",
                "url": "http://seclists.org/fulldisclosure/2020/Dec/47"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/160722/URVE-Software-Build-24.03.2020-Authentication-Bypass-Remote-Code-Execution.html",
+                "url": "http://packetstormsecurity.com/files/160722/URVE-Software-Build-24.03.2020-Authentication-Bypass-Remote-Code-Execution.html"
            }
        ]
    }