From c7324a06021a719e9475a65bff1a584719af4a47 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 1 Dec 2020 15:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14934.json | 5 +++ 2020/20xxx/CVE-2020-20740.json | 5 +++ 2020/25xxx/CVE-2020-25177.json | 50 ++++++++++++++++++++++++++++-- 2020/25xxx/CVE-2020-25181.json | 50 ++++++++++++++++++++++++++++-- 2020/25xxx/CVE-2020-25537.json | 5 +++ 2020/26xxx/CVE-2020-26762.json | 56 ++++++++++++++++++++++++++++++---- 2020/7xxx/CVE-2020-7533.json | 50 ++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7545.json | 50 ++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7546.json | 50 ++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7547.json | 50 ++++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7548.json | 50 ++++++++++++++++++++++++++++-- 11 files changed, 394 insertions(+), 27 deletions(-) diff --git a/2019/14xxx/CVE-2019-14934.json b/2019/14xxx/CVE-2019-14934.json index 008a783470c..5a5dfb7ac2c 100644 --- a/2019/14xxx/CVE-2019-14934.json +++ b/2019/14xxx/CVE-2019-14934.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b20614ff74", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y243C2IFMRFQWHV62JCSHTMQGDDCICNF/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2475-1] pdfresurrect security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html" } ] } diff --git a/2020/20xxx/CVE-2020-20740.json b/2020/20xxx/CVE-2020-20740.json index ac5046569d4..bc311104b46 100644 --- a/2020/20xxx/CVE-2020-20740.json +++ b/2020/20xxx/CVE-2020-20740.json 
@@ -61,6 +61,11 @@ "url": "https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397", "refsource": "MISC", "name": "https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2475-1] pdfresurrect security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html" } ] } diff --git a/2020/25xxx/CVE-2020-25177.json b/2020/25xxx/CVE-2020-25177.json index fb0605e6acc..6c8179cfd00 100644 --- a/2020/25xxx/CVE-2020-25177.json +++ b/2020/25xxx/CVE-2020-25177.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "WECON PLC Editor", + "version": { + "version_data": [ + { + "version_value": "PLC Editor Versions 1.3.8 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution." } ] } 
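Review bot: The new `affects` block for CVE-2020-25177 sets `"vendor_name": "n/a"` although the product name and the description in the same hunk both name WECON, so consumers that match records on the vendor field will miss it; `"vendor_name": "WECON"` is presumably what is meant. The `version_value` is free text (`"PLC Editor Versions 1.3.8 and prior"`) that repeats the product name instead of giving a bare version bound, which makes automated range matching unreliable. The description is two clauses fused together ("has a stack-based buffer overflow vulnerability has been identified"); `"value": "WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability that may allow arbitrary code execution."` states the same facts. The CVE-2020-25181 hunk that follows has the same three problems, with the heap-based wording ("has a heap-based buffer overflow vulnerabilities have been identified").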
diff --git a/2020/25xxx/CVE-2020-25181.json b/2020/25xxx/CVE-2020-25181.json index ec32e724325..7cca5a3a5e5 100644 --- a/2020/25xxx/CVE-2020-25181.json +++ b/2020/25xxx/CVE-2020-25181.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "WECON PLC Editor", + "version": { + "version_data": [ + { + "version_value": "PLC Editor Versions 1.3.8 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-310-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution." } ] } diff --git a/2020/25xxx/CVE-2020-25537.json b/2020/25xxx/CVE-2020-25537.json index 7e0f632f084..53e842ea920 100644 --- a/2020/25xxx/CVE-2020-25537.json +++ b/2020/25xxx/CVE-2020-25537.json 
@@ -56,6 +56,11 @@ "url": "https://sunian19.github.io/2020/09/11/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability/", "refsource": "MISC", "name": "https://sunian19.github.io/2020/09/11/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/BigTiger2020/UCMS/blob/main/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability%20get%20shell.md", + "url": "https://github.com/BigTiger2020/UCMS/blob/main/UCMS%20v1.5.0%20Arbitrary%20file%20upload%20vulnerability%20get%20shell.md" } ] } diff --git a/2020/26xxx/CVE-2020-26762.json b/2020/26xxx/CVE-2020-26762.json index c21350d609e..4dc89a9f10e 100644 --- a/2020/26xxx/CVE-2020-26762.json +++ b/2020/26xxx/CVE-2020-26762.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-26762", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-26762", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.edimax.com/edimax/download/download/data/edimax/de/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3116w", + "url": "https://www.edimax.com/edimax/download/download/data/edimax/de/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3116w" } ] } diff --git a/2020/7xxx/CVE-2020-7533.json b/2020/7xxx/CVE-2020-7533.json index 02cb719703d..951109456fc 100644 --- a/2020/7xxx/CVE-2020-7533.json +++ b/2020/7xxx/CVE-2020-7533.json 
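Review bot: Every structured field added for CVE-2020-26762 is `"n/a"` (vendor, product, version, problemtype), while the description in the same hunk names Edimax IC-3116W (v3.06) and IC-3140W (v3.07) and a stack-based buffer overflow, so the record cannot be matched against an asset inventory or filtered by weakness class without parsing prose. Filling `vendor_name`, `product_name` and `version_value` from the description, and a problemtype such as `"value": "CWE-121: Stack-based Buffer Overflow"`, would close that gap. The description gives a fixed version only for IC-3116W (v3.08) and the single CONFIRM reference points at the IC-3116W download page, so the fix status of IC-3140W is not stated in this record. The hunk also moves `data_format`, `data_type` and `data_version` below `affects`; that is harmless to parsers but makes this file's key order differ from the other records in the patch.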
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)", + "version": { + "version_data": [ + { + "version_value": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255: Credentials Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests." } ] } diff --git a/2020/7xxx/CVE-2020-7545.json b/2020/7xxx/CVE-2020-7545.json index 95957a3f047..4dac5bb6a2d 100644 --- a/2020/7xxx/CVE-2020-7545.json +++ b/2020/7xxx/CVE-2020-7545.json 
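Review bot: In the CVE-2020-7533 hunk `product_name` and `version_value` carry the identical string ending in "(see security notification for version information)", and `vendor_name` is `"n/a"` even though the assigner is a Schneider Electric address, so no affected version range can be derived from the record itself and triage depends on opening SEVD-2020-287-01. A `version_value` holding the actual bounds from that notification, plus `"vendor_name": "Schneider Electric"`, would make the entry usable by scanners. The description also has a fused word, "ModiconPremium", where the product field writes "Modicon Premium". The duplicated product/version string and the `"n/a"` vendor recur in the CVE-2020-7545, CVE-2020-7546, CVE-2020-7547 and CVE-2020-7548 hunks later in the patch.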
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)", + "version": { + "version_data": [ + { + "version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284:Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage." } ] } diff --git a/2020/7xxx/CVE-2020-7546.json b/2020/7xxx/CVE-2020-7546.json index fad54c90811..c957166afcc 100644 --- a/2020/7xxx/CVE-2020-7546.json +++ b/2020/7xxx/CVE-2020-7546.json 
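Review bot: The escape `\u00aa` after "EcoStruxure" and "SmartStruxure" in the CVE-2020-7545 hunk decodes to the feminine ordinal indicator "ª", which looks like a trademark sign that went through a wrong character-set conversion, so exact string matching on the product name will not line up with the vendor's spelling. Writing `EcoStruxure\u2122 and SmartStruxure\u2122` (or dropping the mark) in `product_name`, `version_value` and the description would repair it; the same escape appears in the CVE-2020-7546 and CVE-2020-7547 hunks. Two smaller wording points in this hunk: `"CWE-284:Improper Access Control"` lacks the space after the colon that the CVE-2020-7547 description uses, and "when an authorized user access an affected webpage" should read "accesses".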
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)", + "version": { + "version_data": [ + { + "version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage." } ] } diff --git a/2020/7xxx/CVE-2020-7547.json b/2020/7xxx/CVE-2020-7547.json index fcf916edb27..0d45990e453 100644 --- a/2020/7xxx/CVE-2020-7547.json +++ b/2020/7xxx/CVE-2020-7547.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)", + "version": { + "version_data": [ + { + "version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284:Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level." } ] } diff --git a/2020/7xxx/CVE-2020-7548.json b/2020/7xxx/CVE-2020-7548.json index 4cee966e3a5..cb68de9bd72 100644 --- a/2020/7xxx/CVE-2020-7548.json +++ b/2020/7xxx/CVE-2020-7548.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information)", + "version": { + "version_data": [ + { + "version_value": "Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-330 - Use of Insufficiently Random Values" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-03/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-03/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login." } ] }