From cc91534e139546470a2198061d90d8a22ae5aa5d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 23 Nov 2020 20:01:52 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2015/5xxx/CVE-2015-5436.json | 50 ++++++++++++++++++++++++++--
 2020/15xxx/CVE-2020-15246.json | 2 +-
 2020/15xxx/CVE-2020-15247.json | 2 +-
 2020/15xxx/CVE-2020-15248.json | 2 +-
 2020/15xxx/CVE-2020-15249.json | 12 +++----
 2020/26xxx/CVE-2020-26239.json | 2 +-
 2020/27xxx/CVE-2020-27553.json | 2 +-
 2020/28xxx/CVE-2020-28927.json | 61 ++++++++++++++++++++++++++++++----
 2020/28xxx/CVE-2020-28983.json | 18 ++++++++++
 9 files changed, 131 insertions(+), 20 deletions(-)
 create mode 100644 2020/28xxx/CVE-2020-28983.json
diff --git a/2015/5xxx/CVE-2015-5436.json b/2015/5xxx/CVE-2015-5436.json
index 44942e2f909..fd07db6958f 100644
--- a/2015/5xxx/CVE-2015-5436.json
+++ b/2015/5xxx/CVE-2015-5436.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2015-5436",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "REJECT"
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP Integrated Lights-Out 4 (iLO 4) ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware version 2.11 and later, but prior to version 2.30"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "emote Denial of Service (DoS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165",
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
+ "value": "A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020."
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15246.json b/2020/15xxx/CVE-2020-15246.json
index 9ad05bb9256..3bf73dd0f7a 100644
--- a/2020/15xxx/CVE-2020-15246.json
+++ b/2020/15xxx/CVE-2020-15246.json
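Review bot: In the CVE-2015-5436 hunk, the added `problemtype` value reads `"emote Denial of Service (DoS)"`, which has lost its leading "R"; it should be `"value": "Remote Denial of Service (DoS)"`. The added `product_name` also ends in a stray space (`"HP Integrated Lights-Out 4 (iLO 4) "`), which can defeat exact-match product lookups by consumers of this feed. `vendor_name` is `"n/a"` although the assigner address and the CONFIRM reference both point to HP/HPE, so naming the vendor there would make the record findable by vendor. The affected range exists only as free text in `version_value`, so automated version matching for firmware 2.11 up to 2.30 will probably need manual handling.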
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request.\n\nIssue has been patched in Build 469 (v1.0.469) and v1.1.0.\n"
+ "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0."
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15247.json b/2020/15xxx/CVE-2020-15247.json
index 18c9b26227a..50c5ccc5d3c 100644
--- a/2020/15xxx/CVE-2020-15247.json
+++ b/2020/15xxx/CVE-2020-15247.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP.\n\nThis is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP.\n\nIssue has been patched in Build 469 (v1.0.469) and v1.1.0."
+ "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0."
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15248.json b/2020/15xxx/CVE-2020-15248.json
index 4d8a396a2e2..c0e092dacc3 100644
--- a/2020/15xxx/CVE-2020-15248.json
+++ b/2020/15xxx/CVE-2020-15248.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default \"Publisher\" system role have access to create & manage users where they can choose which role the new user has. This means that a user with \"Publisher\" access has the ability to escalate their access to \"Developer\" access. \n\nIssue has been patched in Build 470 (v1.0.470) & v1.1.1."
+ "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default \"Publisher\" system role have access to create & manage users where they can choose which role the new user has. This means that a user with \"Publisher\" access has the ability to escalate their access to \"Developer\" access. Issue has been patched in Build 470 (v1.0.470) & v1.1.1."
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15249.json b/2020/15xxx/CVE-2020-15249.json
index 24940b47dff..2ba03b3ab05 100644
--- a/2020/15xxx/CVE-2020-15249.json
+++ b/2020/15xxx/CVE-2020-15249.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload Javascript that would be executed on a path under the website's domain (i.e. /storage/app/media/evil.svg), but they would have to convince their target to visit that location directly in the target's browser as the backend does not display SVGs inline anywhere, SVGs are only displayed as image resources in the backend and are thus unable to be executed.\n\nIssue has been patched in Build 469 (v1.0.469) & v1.1.0."
+ "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload Javascript that would be executed on a path under the website's domain (i.e. /storage/app/media/evil.svg), but they would have to convince their target to visit that location directly in the target's browser as the backend does not display SVGs inline anywhere, SVGs are only displayed as image resources in the backend and are thus unable to be executed. Issue has been patched in Build 469 (v1.0.469) & v1.1.0."
 }
 ]
 },
@@ -69,15 +69,15 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://github.com/octobercms/october/security/advisories/GHSA-fx3v-553x-3c4q",
- "refsource": "CONFIRM",
- "url": "https://github.com/octobercms/october/security/advisories/GHSA-fx3v-553x-3c4q"
- },
 {
 "name": "https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4",
 "refsource": "MISC",
 "url": "https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4"
+ },
+ {
+ "name": "https://github.com/octobercms/october/security/advisories/GHSA-fx3v-553x-3c4q",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/octobercms/october/security/advisories/GHSA-fx3v-553x-3c4q"
 }
 ]
 },
diff --git a/2020/26xxx/CVE-2020-26239.json b/2020/26xxx/CVE-2020-26239.json
index dd726f33f11..df7df8a2dd6 100644
--- a/2020/26xxx/CVE-2020-26239.json
+++ b/2020/26xxx/CVE-2020-26239.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS.\n\nIf the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escaped values to be unescaped, leading to XSS.\n\nScratch Addons version 1.3.2 fixes the bug. The extension will be automatically updated by the browser.\n\nMore Links addon can be disabled via the option of the extension."
+ "value": "Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escaped values to be unescaped, leading to XSS. Scratch Addons version 1.3.2 fixes the bug. The extension will be automatically updated by the browser. More Links addon can be disabled via the option of the extension."
 }
 ]
 },
diff --git a/2020/27xxx/CVE-2020-27553.json b/2020/27xxx/CVE-2020-27553.json
index cf384829d99..6b831d2dcb0 100644
--- a/2020/27xxx/CVE-2020-27553.json
+++ b/2020/27xxx/CVE-2020-27553.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information."
+ "value": "In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option \u201cDocumentRoot /etc\u201c. This allows an attacker with network access to the web-server to download any files from the \u201c/etc\u201d folder without authentication. No path traversal sequences are needed to exploit this vulnerability."
 }
 ]
 },
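Review bot: In the CVE-2020-27553 hunk, the new description quotes its first string inconsistently: `\u201cDocumentRoot /etc\u201c` ends with a second opening quote (U+201C) where `\u201d` is expected, while the later `\u201c/etc\u201d` is correct. Escaped ASCII quotes, `\"DocumentRoot /etc\"`, would avoid the mismatch and agree with how CVE-2020-15248 in this same commit quotes `\"Publisher\"`. The new text also says no path traversal sequences are needed, so the record's `problemtype`, which lies outside this hunk, should be checked in case it still classifies the issue as directory traversal. A web root that serves `/etc` is closer to an exposure-by-misconfiguration finding, and defenders triaging by weakness class would otherwise file it wrongly.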
diff --git a/2020/28xxx/CVE-2020-28927.json b/2020/28xxx/CVE-2020-28927.json
index d5b837b71bf..e45cb0a8402 100644
--- a/2020/28xxx/CVE-2020-28927.json
+++ b/2020/28xxx/CVE-2020-28927.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28927",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28927",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://magicpin.in",
+ "refsource": "MISC",
+ "name": "https://magicpin.in"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bb",
+ "url": "https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bb"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28983.json b/2020/28xxx/CVE-2020-28983.json
new file mode 100644
index 00000000000..17dd2332e60
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28983.json
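Review bot: The populated CVE-2020-28927 record names the affected product and version only in the description ("Magicpin v2.1"), while `vendor_name`, `product_name` and `version_value` are all `"n/a"`, so tooling that matches on the `affects` block cannot tie this entry to the product. The `problemtype` value is likewise `"n/a"` although the description states stored XSS; a weakness classification such as `"value": "CWE-79"` would let consumers filter by weakness class. The first reference, `https://magicpin.in`, is the vendor home page rather than an advisory or fix, so the only reference that supports the claim is the researcher's write-up. The description's "the attacker can able to steal the cookie" should read "the attacker is able to steal the cookie".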
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file