diff --git a/2020/13xxx/CVE-2020-13976.json b/2020/13xxx/CVE-2020-13976.json
new file mode 100644
index 00000000000..ab6d982a9c4
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13976.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13976",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://svn.dd-wrt.com/ticket/7039",
+ "refsource": "MISC",
+ "name": "https://svn.dd-wrt.com/ticket/7039"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13977.json b/2020/13xxx/CVE-2020-13977.json
new file mode 100644
index 00000000000..14529c958f7
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13977.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13977",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://anhtai.me/nagios-core-4-4-5-url-injection/",
+ "refsource": "MISC",
+ "name": "https://anhtai.me/nagios-core-4-4-5-url-injection/"
+ },
+ {
+ "url": "https://www.nagios.org/projects/nagios-core/history/4x/",
+ "refsource": "MISC",
+ "name": "https://www.nagios.org/projects/nagios-core/history/4x/"
+ },
+ {
+ "url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix",
+ "refsource": "MISC",
+ "name": "https://github.com/sawolf/nagioscore/tree/url-injection-fix"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13978.json b/2020/13xxx/CVE-2020-13978.json
new file mode 100644
index 00000000000..3990a92c869
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13978.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13978",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/monstra-cms/monstra/issues/464",
+ "refsource": "MISC",
+ "name": "https://github.com/monstra-cms/monstra/issues/464"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13979.json b/2020/13xxx/CVE-2020-13979.json
new file mode 100644
index 00000000000..c5bed88245f
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13979.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-13979",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13980.json b/2020/13xxx/CVE-2020-13980.json
new file mode 100644
index 00000000000..c129db8825e
--- /dev/null
+++ b/2020/13xxx/CVE-2020-13980.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-13980",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states \"this is not a massive issue as you are still required to be logged into the admin.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/opencart/opencart/issues/7974",
+ "refsource": "MISC",
+ "name": "https://github.com/opencart/opencart/issues/7974"
+ }
+ ]
+ }
+}
\ No newline at end of file
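Review bot: The CVE-2020-13980 record leaves every machine-readable field at `"n/a"` (`product_name`, `version_value`, `vendor_name`, and the `problemtype` value), even though its description names OpenCart 3.0.3.3 and an XSS weakness. Tooling that matches on `affects` or `problemtype` will therefore miss this entry. The dispute is also carried only by the `** DISPUTED **` prefix in the description, while `STATE` is `PUBLIC`, so consumers must parse the free text to avoid treating it as an uncontested finding. If the assigner's conventions allow it, fill in values taken from the description, e.g. `"product_name": "OpenCart"`, `"version_value": "3.0.3.3"`, and a `problemtype` value of `"CWE-79"`. The same applies to the CVE-2020-13976, CVE-2020-13977 and CVE-2020-13978 records earlier in this diff; the RESERVED CVE-2020-13979 stub is unaffected.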