From bd1b5f6d5a9c72ed95465f1108db06ad590f9119 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Apr 2020 19:01:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/1xxx/CVE-2016-1421.json | 5 +++ 2019/12xxx/CVE-2019-12521.json | 56 ++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12522.json | 56 ++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12524.json | 56 ++++++++++++++++++++++++--- 2019/13xxx/CVE-2019-13939.json | 5 +++ 2019/20xxx/CVE-2019-20651.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20652.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20653.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20654.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20655.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20656.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20657.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20658.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20659.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20660.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20661.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20662.json | 70 +++++++++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20663.json | 70 +++++++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10611.json | 50 ++++++++++++++++++++++-- 2020/10xxx/CVE-2020-10613.json | 50 ++++++++++++++++++++++-- 2020/10xxx/CVE-2020-10615.json | 50 ++++++++++++++++++++++-- 2020/11xxx/CVE-2020-11799.json | 62 ++++++++++++++++++++++++++++++ 2020/11xxx/CVE-2020-11800.json | 18 +++++++++ 2020/5xxx/CVE-2020-5346.json | 43 +++++++++++---------- 2020/5xxx/CVE-2020-5350.json | 43 +++++++++++---------- 2020/6xxx/CVE-2020-6996.json | 50 ++++++++++++++++++++++-- 26 files changed, 1304 insertions(+), 150 deletions(-) create mode 100644 2020/11xxx/CVE-2020-11799.json create mode 100644 2020/11xxx/CVE-2020-11800.json diff --git a/2016/1xxx/CVE-2016-1421.json b/2016/1xxx/CVE-2016-1421.json index fb191529517..c887883cb26 100644 --- a/2016/1xxx/CVE-2016-1421.json +++ b/2016/1xxx/CVE-2016-1421.json @@ -61,6 +61,11 @@ "refsource": "CISCO", "name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp" + }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-24", + "url": "https://www.tenable.com/security/research/tra-2020-24" } ] } diff --git a/2019/12xxx/CVE-2019-12521.json b/2019/12xxx/CVE-2019-12521.json index 4817c849148..631489fe842 100644 --- a/2019/12xxx/CVE-2019-12521.json +++ b/2019/12xxx/CVE-2019-12521.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12521", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12521", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt", + "url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt" } ] } diff --git a/2019/12xxx/CVE-2019-12522.json b/2019/12xxx/CVE-2019-12522.json index 790961a64fa..e6481cbd336 100644 --- a/2019/12xxx/CVE-2019-12522.json +++ b/2019/12xxx/CVE-2019-12522.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12522", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12522", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt", + "url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt" } ] } diff --git a/2019/12xxx/CVE-2019-12524.json b/2019/12xxx/CVE-2019-12524.json index a2c906d6cf5..4d198c87e9d 100644 --- a/2019/12xxx/CVE-2019-12524.json +++ b/2019/12xxx/CVE-2019-12524.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12524", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12524", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt", + "url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt" } ] } diff --git a/2019/13xxx/CVE-2019-13939.json b/2019/13xxx/CVE-2019-13939.json index b597ec3b669..6d992203fb5 100644 --- a/2019/13xxx/CVE-2019-13939.json +++ b/2019/13xxx/CVE-2019-13939.json @@ -103,6 +103,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-06", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-06" } ] }, diff --git a/2019/20xxx/CVE-2019-20651.json b/2019/20xxx/CVE-2019-20651.json index 485fe6ff5b1..683cdd16ec1 100644 --- a/2019/20xxx/CVE-2019-20651.json +++ b/2019/20xxx/CVE-2019-20651.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20651", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20651", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061491/Security-Advisory-for-Post-Authentication-Command-Injection-on-WAC505-and-WAC510-PSV-2019-0176", + "url": "https://kb.netgear.com/000061491/Security-Advisory-for-Post-Authentication-Command-Injection-on-WAC505-and-WAC510-PSV-2019-0176" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:H/I:H/PR:H/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20652.json b/2019/20xxx/CVE-2019-20652.json index d74ada7af9f..50a0a7c4828 100644 --- a/2019/20xxx/CVE-2019-20652.json +++ b/2019/20xxx/CVE-2019-20652.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20652", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20652", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061489/Security-Advisory-for-Sensitive-Information-Disclosure-on-WAC505-PSV-2019-0086", + "url": "https://kb.netgear.com/000061489/Security-Advisory-for-Sensitive-Information-Disclosure-on-WAC505-PSV-2019-0086" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:L/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20653.json b/2019/20xxx/CVE-2019-20653.json index 5da71a69983..c6778e17c4c 100644 --- a/2019/20xxx/CVE-2019-20653.json +++ b/2019/20xxx/CVE-2019-20653.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20653", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20653", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061488/Security-Advisory-for-Denial-of-Service-on-WAC505-and-WAC510-PSV-2019-0083", + "url": "https://kb.netgear.com/000061488/Security-Advisory-for-Denial-of-Service-on-WAC505-and-WAC510-PSV-2019-0083" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:N/I:N/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20654.json b/2019/20xxx/CVE-2019-20654.json index 7c2e1046c02..c6b3a99d7bf 100644 --- a/2019/20xxx/CVE-2019-20654.json +++ b/2019/20xxx/CVE-2019-20654.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20654", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20654", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061487/Security-Advisory-for-Security-Misconfiguration-on-WAC505-and-WAC510-PSV-2019-0061", + "url": "https://kb.netgear.com/000061487/Security-Advisory-for-Security-Misconfiguration-on-WAC505-and-WAC510-PSV-2019-0061" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20655.json b/2019/20xxx/CVE-2019-20655.json index 8b118190590..8141a49ad15 100644 --- a/2019/20xxx/CVE-2019-20655.json +++ b/2019/20xxx/CVE-2019-20655.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20655", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20655", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061484/Security-Advisory-for-Post-Authentication-Command-Injection-on-XR500-and-XR700-PSV-2019-0026", + "url": "https://kb.netgear.com/000061484/Security-Advisory-for-Post-Authentication-Command-Injection-on-XR500-and-XR700-PSV-2019-0026" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:L/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20656.json b/2019/20xxx/CVE-2019-20656.json index 2022277ef1d..f2988749ef0 100644 --- a/2019/20xxx/CVE-2019-20656.json +++ b/2019/20xxx/CVE-2019-20656.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20656", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20656", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by a a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061483/Security-Advisory-for-Hardcoded-Password-on-Some-Routers-and-Gateways-PSV-2018-0623", + "url": "https://kb.netgear.com/000061483/Security-Advisory-for-Hardcoded-Password-on-Some-Routers-and-Gateways-PSV-2018-0623" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:H/AV:A/A:N/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20657.json b/2019/20xxx/CVE-2019-20657.json index 31128d44386..b808135cd1e 100644 --- a/2019/20xxx/CVE-2019-20657.json +++ b/2019/20xxx/CVE-2019-20657.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20657", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20657", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061482/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0619", + "url": "https://kb.netgear.com/000061482/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0619" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20658.json b/2019/20xxx/CVE-2019-20658.json index ae28bfcd32f..4d9f3d2f61f 100644 --- a/2019/20xxx/CVE-2019-20658.json +++ b/2019/20xxx/CVE-2019-20658.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20658", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20658", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612", + "url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20659.json b/2019/20xxx/CVE-2019-20659.json index 2c286c22d21..9b2b740b91b 100644 --- a/2019/20xxx/CVE-2019-20659.json +++ b/2019/20xxx/CVE-2019-20659.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20659", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20659", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061480/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0567", + "url": "https://kb.netgear.com/000061480/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0567" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:A/A:L/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20660.json b/2019/20xxx/CVE-2019-20660.json index c606d5dd0a0..a4b5c5d18f8 100644 --- a/2019/20xxx/CVE-2019-20660.json +++ b/2019/20xxx/CVE-2019-20660.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20660", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20660", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061479/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0562", + "url": "https://kb.netgear.com/000061479/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0562" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20661.json b/2019/20xxx/CVE-2019-20661.json index 0bc32e86083..66c0f9ea9a6 100644 --- a/2019/20xxx/CVE-2019-20661.json +++ b/2019/20xxx/CVE-2019-20661.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20661", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20661", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0561", + "url": "https://kb.netgear.com/000061478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0561" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20662.json b/2019/20xxx/CVE-2019-20662.json index 91cbc8b7968..d57cbc01bd5 100644 --- a/2019/20xxx/CVE-2019-20662.json +++ b/2019/20xxx/CVE-2019-20662.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20662", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20662", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061477/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0560", + "url": "https://kb.netgear.com/000061477/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0560" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20663.json b/2019/20xxx/CVE-2019-20663.json index eb9c83e7066..70910fbc020 100644 --- a/2019/20xxx/CVE-2019-20663.json +++ b/2019/20xxx/CVE-2019-20663.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20663", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20663", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://kb.netgear.com/000061476/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0559", + "url": "https://kb.netgear.com/000061476/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0559" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10611.json b/2020/10xxx/CVE-2020-10611.json index c3c53cedc45..3246dbc3c4b 100644 --- a/2020/10xxx/CVE-2020-10611.json +++ b/2020/10xxx/CVE-2020-10611.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122", + "version": { + "version_data": [ + { + "version_value": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets." } ] } diff --git a/2020/10xxx/CVE-2020-10613.json b/2020/10xxx/CVE-2020-10613.json index f3ca3297851..1930d90f882 100644 --- a/2020/10xxx/CVE-2020-10613.json +++ b/2020/10xxx/CVE-2020-10613.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122", + "version": { + "version_data": [ + { + "version_value": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS READ CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets." } ] } diff --git a/2020/10xxx/CVE-2020-10615.json b/2020/10xxx/CVE-2020-10615.json index 44be490fd87..b9d85b2996a 100644 --- a/2020/10xxx/CVE-2020-10615.json +++ b/2020/10xxx/CVE-2020-10615.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122", + "version": { + "version_data": [ + { + "version_value": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability." } ] } diff --git a/2020/11xxx/CVE-2020-11799.json b/2020/11xxx/CVE-2020-11799.json new file mode 100644 index 00000000000..257857de566 --- /dev/null +++ b/2020/11xxx/CVE-2020-11799.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-11799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://blog.spookysec.net/zcron/", + "url": "https://blog.spookysec.net/zcron/" + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11800.json b/2020/11xxx/CVE-2020-11800.json new file mode 100644 index 00000000000..1cf8c3db9ed --- /dev/null +++ b/2020/11xxx/CVE-2020-11800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5346.json b/2020/5xxx/CVE-2020-5346.json index 65190eb0d88..3b041d71c02 100644 --- a/2020/5xxx/CVE-2020-5346.json +++ b/2020/5xxx/CVE-2020-5346.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2020-03-23", - "ID": "CVE-2020-5346", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2020-03-23", + "ID": "CVE-2020-5346", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "RSA Authentication Manager", + "product_name": "RSA Authentication Manager", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "AM 8.4 patch P11" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser." } ] - }, + }, "impact": { "cvss": { - "baseScore": 4.8, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/security/en-us/details/DOC-111347/DSA-2020-066-RSA%C2%AE-Authentication-Manager-Stored-Cross-Site-Scripting" + "refsource": "MISC", + "url": "https://www.dell.com/support/security/en-us/details/DOC-111347/DSA-2020-066-RSA%C2%AE-Authentication-Manager-Stored-Cross-Site-Scripting", + "name": "https://www.dell.com/support/security/en-us/details/DOC-111347/DSA-2020-066-RSA%C2%AE-Authentication-Manager-Stored-Cross-Site-Scripting" } ] } diff --git a/2020/5xxx/CVE-2020-5350.json b/2020/5xxx/CVE-2020-5350.json index 7633d38f2b2..4ba86ad7f97 100644 --- a/2020/5xxx/CVE-2020-5350.json +++ b/2020/5xxx/CVE-2020-5350.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2020-03-31", - "ID": "CVE-2020-5350", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2020-03-31", + "ID": "CVE-2020-5350", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Integrated Data Protection Appliance", + "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "2.0, 2.1, 2.2, 2.3, 2.4 " } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.9, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", + "baseScore": 7.9, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability" + "refsource": "MISC", + "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability", + "name": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability" } ] } diff --git a/2020/6xxx/CVE-2020-6996.json b/2020/6xxx/CVE-2020-6996.json index db0f6e2584f..2d914ca231f 100644 --- a/2020/6xxx/CVE-2020-6996.json +++ b/2020/6xxx/CVE-2020-6996.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01", + "version": { + "version_data": [ + { + "version_value": "Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this vulnerability." } ] }