From bd5001a97ba193195edfeb8d3eefe1d210bb5197 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 4 Feb 2021 07:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/13xxx/CVE-2020-13579.json | 50 ++++++++++++++++++++++++++++--
 2020/13xxx/CVE-2020-13580.json | 50 ++++++++++++++++++++++++++++--
 2020/13xxx/CVE-2020-13586.json | 50 ++++++++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14245.json | 56 ++++++++++++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14246.json | 56 ++++++++++++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14247.json | 56 ++++++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27247.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27248.json | 50 ++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27249.json | 50 ++++++++++++++++++++++++++++--
 2020/6xxx/CVE-2020-6088.json | 50 ++++++++++++++++++++++++++++--
 10 files changed, 488 insertions(+), 30 deletions(-)
diff --git a/2020/13xxx/CVE-2020-13579.json b/2020/13xxx/CVE-2020-13579.json
index 7ff6ca4fb09..f9484f5fe2a 100644
--- a/2020/13xxx/CVE-2020-13579.json
+++ b/2020/13xxx/CVE-2020-13579.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13579",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Softmaker Software",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "integer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1190",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1190"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021\u2019s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13580.json b/2020/13xxx/CVE-2020-13580.json
index de12181112d..c7841332c27 100644
--- a/2020/13xxx/CVE-2020-13580.json
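Review bot: The `affects` block added for CVE-2020-13579.json splits the vendor name across the wrong fields: `vendor_name` is `n/a`, `product_name` is `Softmaker Software` and `version_value` begins with `GmbH`, so tooling that matches advisories on the vendor, product or version fields will not tie this record to PlanMaker installs. Going only by strings already in the record, `"vendor_name": "SoftMaker Software GmbH"`, `"product_name": "SoftMaker Office PlanMaker 2021"` and `"version_value": "Revision 1014"` look like the intended values; confirm against TALOS-2020-1190. The same problem is in the hunks for CVE-2020-13580 (identical split), CVE-2020-13586 and CVE-2020-27247 through CVE-2020-27249 (`product_name` of `Softmaker` with the whole vendor-and-product string in `version_value`), and CVE-2020-6088 (`product_name` of `Allen-Bradley` with the product itself in `version_value`). The new description also reads "cause the document parser perform arithmetic", which is missing a "to".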
+++ b/2020/13xxx/CVE-2020-13580.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13580",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Softmaker Software",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "heap-based buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1191",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1191"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021\u2019s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability."
 }
 ]
 }
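Review bot: The new description in CVE-2020-13580.json contradicts itself and the `problemtype`: it opens with "heap-based buffer overflow" and the `problemtype` value is `heap-based buffer overflow`, yet the write is described as "relative to a buffer allocated on the stack". Anyone triaging by memory region, for instance to judge which exploit mitigations apply, gets conflicting signals, so the wording should be reconciled with TALOS-2020-1191. If the buffer really is on the stack, `"value": "stack-based buffer overflow"` would be the matching `problemtype`. None of the `problemtype` values in this commit carries a CWE identifier, which leaves the records classifiable only by free text.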
diff --git a/2020/13xxx/CVE-2020-13586.json b/2020/13xxx/CVE-2020-13586.json
index 5a2dcb355f1..ec6f50cd21a 100644
--- a/2020/13xxx/CVE-2020-13586.json
+++ b/2020/13xxx/CVE-2020-13586.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13586",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Softmaker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "memory corruption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1197",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1197"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14245.json b/2020/14xxx/CVE-2020-14245.json
index ce0777edc62..2a9edc1e06f 100644
--- a/2020/14xxx/CVE-2020-14245.json
+++ b/2020/14xxx/CVE-2020-14245.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14245",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL OneTest UI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V9.5"
+ },
+ {
+ "version_value": "V10.0"
+ },
+ {
+ "version_value": "V10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Missing authentication\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086622",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086622"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14246.json b/2020/14xxx/CVE-2020-14246.json
index f57a540199a..066d45719a8 100644
--- a/2020/14xxx/CVE-2020-14246.json
+++ b/2020/14xxx/CVE-2020-14246.json
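Review bot: The `problemtype` value added in CVE-2020-14245.json carries literal quotation marks inside the string (`"\"Missing authentication\""`), so the quotes will show up as part of the weakness name in anything that indexes or displays this field; `"value": "Missing authentication"` is presumably what was meant. The description text follows the wording of CWE-306 (Missing Authentication for Critical Function) closely, so `"value": "CWE-306: Missing Authentication for Critical Function"` would serve consumers better, though that mapping is my inference and is not stated in the record. The hunks for CVE-2020-14246 (`"\"Weak authentication\""`) and CVE-2020-14247 (`"\"Inadequate session timeout\""`) have the same embedded quotes. All three records also leave `vendor_name` as `n/a` while the vendor appears only as a prefix of `product_name`.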
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14246",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL OneTest Performance",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V9.5"
+ },
+ {
+ "version_value": "V10.0"
+ },
+ {
+ "version_value": "V10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Weak authentication\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086470",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086470"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14247.json b/2020/14xxx/CVE-2020-14247.json
index 2bd691597c2..da36d1bb07e 100644
--- a/2020/14xxx/CVE-2020-14247.json
+++ b/2020/14xxx/CVE-2020-14247.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14247",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL OneTest Performance",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V9.5"
+ },
+ {
+ "version_value": "V10.0"
+ },
+ {
+ "version_value": "V10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Inadequate session timeout\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086469",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086469"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27247.json b/2020/27xxx/CVE-2020-27247.json
index a4409d129ad..8e5c981bde8 100644
--- a/2020/27xxx/CVE-2020-27247.json
+++ b/2020/27xxx/CVE-2020-27247.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27247",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Softmaker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "heap buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1210",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1210"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27248.json b/2020/27xxx/CVE-2020-27248.json
index ed8227231ba..9814f15b3eb 100644
--- a/2020/27xxx/CVE-2020-27248.json
+++ b/2020/27xxx/CVE-2020-27248.json
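Review bot: The description added in CVE-2020-27247.json never names the record type or parser involved ("a particular record type") and mentions the product only in its last sentence, so the three records that cite TALOS-2020-1210 (this one, CVE-2020-27248 and CVE-2020-27249) differ only in their `version/Instance` values: `0x0002`, `0x0003 and 0x0014`, `0x0004 and 0x0015`. The record does not say what those values are versions or instances of, which makes it hard to scope a detection or confirm a fix per CVE from the entry alone. Naming the record type from the advisory and opening with the affected product, as the CVE-2020-13586 description does, would let each record stand on its own.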
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27248",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Softmaker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "heap buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1210",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1210"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27249.json b/2020/27xxx/CVE-2020-27249.json
index 76104a773ea..8f0e20d28cb 100644
--- a/2020/27xxx/CVE-2020-27249.json
+++ b/2020/27xxx/CVE-2020-27249.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27249",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Softmaker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "heap buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1210",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1210"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6088.json b/2020/6xxx/CVE-2020-6088.json
index 79334cba552..eb7a88b1636 100644
--- a/2020/6xxx/CVE-2020-6088.json
+++ b/2020/6xxx/CVE-2020-6088.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6088",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Allen-Bradley",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Allen-Bradley Flex IO 1794-AENT/B 4.003"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1008",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1008"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability."
 }
 ]
 }