diff --git a/2019/12xxx/CVE-2019-12000.json b/2019/12xxx/CVE-2019-12000.json
index ccc9922accd..1478ecc2ea5 100644
--- a/2019/12xxx/CVE-2019-12000.json
+++ b/2019/12xxx/CVE-2019-12000.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-12000",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HPE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HPE MSE Msg Gw application E-LTU",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to version 3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote access restriction bypass; remote user validation failure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03979en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03979en_us"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide."
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10605.json b/2020/10xxx/CVE-2020-10605.json
index a5f476d7048..405b6239e19 100644
--- a/2020/10xxx/CVE-2020-10605.json
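Review bot: In CVE-2019-12000.json the affected range is carried as free text in `version_value` (`"prior to version 3.2"`), which a tool matching this record against an asset inventory cannot evaluate without parsing English. The CVE JSON 4.0 layout has a `version_affected` operator for this, so the entry could read `"version_affected": "<", "version_value": "3.2"`. The same pattern appears in CVE-2020-10605.json (`"before v06.16.00"`), CVE-2020-7206.json (`"1.50 and earlier"`) and CVE-2020-7818.json (`"8.98.9 and earlier"`).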
+++ b/2020/10xxx/CVE-2020-10605.json
@@ -1,18 +1,69 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2020-07-07T15:00:00.000Z",
 "ID": "CVE-2020-10605",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Grundfos",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CIM 500",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before v06.16.00"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5741.json b/2020/5xxx/CVE-2020-5741.json
index ed543b1bcaa..d3fb5d08aae 100644
--- a/2020/5xxx/CVE-2020-5741.json
+++ b/2020/5xxx/CVE-2020-5741.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.tenable.com/security/research/tra-2020-32",
 "url": "https://www.tenable.com/security/research/tra-2020-32"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5767.json b/2020/5xxx/CVE-2020-5767.json
index 7c1911e29ee..14ea5d0f25c 100644
--- a/2020/5xxx/CVE-2020-5767.json
+++ b/2020/5xxx/CVE-2020-5767.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5767",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Icegram Email Subscribers & Newsletters Plugin for WordPress",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.4.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.tenable.com/security/research/tra-2020-44-0",
+ "url": "https://www.tenable.com/security/research/tra-2020-44-0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link."
 }
 ]
 }
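Review bot: `"vendor_name": "n/a"` in CVE-2020-5767.json leaves the vendor field empty even though the product name itself begins with the publisher, "Icegram", so consumers that key on vendor/product pairs cannot group this record with the plugin's other entries. Something like `"vendor_name": "Icegram"` with the vendor prefix dropped from `product_name` would be easier to match; the exact vendor string should be confirmed against the referenced advisory. The record also gives only `"version_value": "4.4.8"`, matching the "v4.4.8" in the description, so it is not stated whether earlier releases are affected or which release carries the fix. CVE-2020-5768.json, CVE-2020-5769.json and CVE-2020-7206.json use `"n/a"` for the vendor in the same way.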
diff --git a/2020/5xxx/CVE-2020-5768.json b/2020/5xxx/CVE-2020-5768.json
index ee8a73f5575..d22a57160f7 100644
--- a/2020/5xxx/CVE-2020-5768.json
+++ b/2020/5xxx/CVE-2020-5768.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5768",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Icegram Email Subscribers & Newsletters Plugin for WordPress",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.4.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.tenable.com/security/research/tra-2020-44-0",
+ "url": "https://www.tenable.com/security/research/tra-2020-44-0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5769.json b/2020/5xxx/CVE-2020-5769.json
index 81ab870c7ab..ae6c7ab6b01 100644
--- a/2020/5xxx/CVE-2020-5769.json
+++ b/2020/5xxx/CVE-2020-5769.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5769",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Teltonika Gateway TRB245",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "TRB2_R_00.02.02 firmware"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authenticated Stored Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.tenable.com/security/research/tra-2020-43-0",
+ "url": "https://www.tenable.com/security/research/tra-2020-43-0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7206.json b/2020/7xxx/CVE-2020-7206.json
index 2ad46bd0228..498fe417915 100644
--- a/2020/7xxx/CVE-2020-7206.json
+++ b/2020/7xxx/CVE-2020-7206.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7206",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "nagios-plugins-ilo",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.50 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote code injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677",
+ "url": "https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7818.json b/2020/7xxx/CVE-2020-7818.json
index 5c2479d7193..88a135d5edd 100644
--- a/2020/7xxx/CVE-2020-7818.json
+++ b/2020/7xxx/CVE-2020-7818.json
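Review bot: The `product_name` in CVE-2020-7206.json is `"nagios-plugins-ilo"`, while the description and the referenced commit URL both name the package `nagios-plugins-hpilo`, so a name-based lookup for the installed package would miss this record. Using `"product_name": "nagios-plugins-hpilo"` would make the three fields agree. The `problemtype` value `"remote code injection"` is also less specific than the description's "php code injection"; a CWE identifier such as CWE-94 would help classification if it fits the advisory.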
@@ -1,18 +1,103 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
+ "DATE_PUBLIC": "2020-07-17T07:18:00.000Z",
 "ID": "CVE-2020-7818",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "DaviewIndy Heap Overflow Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HumanTolk Co.Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaviewIndy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.98.9 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks for Namjun-Jo for reporting this vulnerability."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.hmtalk.com/",
+ "name": "https://www.hmtalk.com/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35521",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35521"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update software over DaviewIndy 8.99.2 version or higher.\n"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
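Review bot: The `problemtype` in CVE-2020-7818.json is `"CWE-20 Improper Input Validation"`, but the title and description both state a heap-based overflow, for which `"CWE-122 Heap-based Buffer Overflow"` is the more specific class and would sort the record correctly in CWE-based triage. The last sentence of the description, "Attackers could exploit this and arbitrary code execution.", is missing a verb and could read "Attackers could exploit this to achieve arbitrary code execution." The `solution` names 8.99.2 as the release to update to while `version_value` says "8.98.9 and earlier", so the status of any release between the two is not stated.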