From a9b31df2d860d5f3a3cbf50f2047dd91d8daa7a2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 29 Dec 2020 22:01:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/7xxx/CVE-2018-7580.json | 5 +++++ 2020/25xxx/CVE-2020-25200.json | 2 +- 2020/29xxx/CVE-2020-29550.json | 5 +++++ 2020/29xxx/CVE-2020-29551.json | 5 +++++ 2020/29xxx/CVE-2020-29552.json | 5 +++++ 5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/2018/7xxx/CVE-2018-7580.json b/2018/7xxx/CVE-2018-7580.json index 41c4a3eed53..40fb66757ed 100644 --- a/2018/7xxx/CVE-2018-7580.json +++ b/2018/7xxx/CVE-2018-7580.json @@ -61,6 +61,11 @@ "refsource": "FULLDISC", "name": "20201225 [CVE-2018-7580] - Philips Hue Denial of Service", "url": "http://seclists.org/fulldisclosure/2020/Dec/51" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html", + "url": "http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html" } ] } diff --git a/2020/25xxx/CVE-2020-25200.json b/2020/25xxx/CVE-2020-25200.json index 65d2880314b..d8aef45dd7d 100644 --- a/2020/25xxx/CVE-2020-25200.json +++ b/2020/25xxx/CVE-2020-25200.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely." + "value": "** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design." } ] }, diff --git a/2020/29xxx/CVE-2020-29550.json b/2020/29xxx/CVE-2020-29550.json index 7897fbfedd9..48e0d21f58a 100644 --- a/2020/29xxx/CVE-2020-29550.json +++ b/2020/29xxx/CVE-2020-29550.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20201225 SYSS-2020-042 Urve - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)", "url": "http://seclists.org/fulldisclosure/2020/Dec/49" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160726/URVE-Software-Build-24.03.2020-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/160726/URVE-Software-Build-24.03.2020-Information-Disclosure.html" } ] } diff --git a/2020/29xxx/CVE-2020-29551.json b/2020/29xxx/CVE-2020-29551.json index 9727ecdbedd..f115b5ddfaf 100644 --- a/2020/29xxx/CVE-2020-29551.json +++ b/2020/29xxx/CVE-2020-29551.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20201225 SYSS-2020-041 Urve - Missing Authorization (CWE-862)", "url": "http://seclists.org/fulldisclosure/2020/Dec/48" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160725/URVE-Software-Build-24.03.2020-Missing-Authorization.html", + "url": "http://packetstormsecurity.com/files/160725/URVE-Software-Build-24.03.2020-Missing-Authorization.html" } ] } diff --git a/2020/29xxx/CVE-2020-29552.json b/2020/29xxx/CVE-2020-29552.json index a03d987c823..a3326c385d0 100644 --- a/2020/29xxx/CVE-2020-29552.json +++ b/2020/29xxx/CVE-2020-29552.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20201225 SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306)", "url": "http://seclists.org/fulldisclosure/2020/Dec/47" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160722/URVE-Software-Build-24.03.2020-Authentication-Bypass-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/160722/URVE-Software-Build-24.03.2020-Authentication-Bypass-Remote-Code-Execution.html" } ] }