From cd8935ea8dcc94d2bc340d16331f2ad31978be16 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 18 Nov 2020 17:01:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/26xxx/CVE-2020-26554.json | 61 ++++++++++++++++++++++++--- 2020/26xxx/CVE-2020-26933.json | 75 +++++++++++++++++++++++++++++++--- 2020/28xxx/CVE-2020-28091.json | 56 ++++++++++++++++++++++--- 2020/28xxx/CVE-2020-28362.json | 61 ++++++++++++++++++++++++--- 2020/28xxx/CVE-2020-28366.json | 66 +++++++++++++++++++++++++++--- 2020/28xxx/CVE-2020-28367.json | 66 +++++++++++++++++++++++++++--- 2020/28xxx/CVE-2020-28926.json | 18 ++++++++ 2020/28xxx/CVE-2020-28927.json | 18 ++++++++ 2020/7xxx/CVE-2020-7032.json | 5 +++ 9 files changed, 390 insertions(+), 36 deletions(-) create mode 100644 2020/28xxx/CVE-2020-28926.json create mode 100644 2020/28xxx/CVE-2020-28927.json diff --git a/2020/26xxx/CVE-2020-26554.json b/2020/26xxx/CVE-2020-26554.json index a47b123d8ca..c7ec0528245 100644 --- a/2020/26xxx/CVE-2020-26554.json +++ b/2020/26xxx/CVE-2020-26554.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-26554", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-26554", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160077/MailDepot-2033-2.3.3022-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/160077/MailDepot-2033-2.3.3022-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://www.syss.de/pentest-blog/syss-2020-037-persistent-cross-site-scripting-schwachstelle-in-reddoxx-maildepot", + "url": "https://www.syss.de/pentest-blog/syss-2020-037-persistent-cross-site-scripting-schwachstelle-in-reddoxx-maildepot" } ] } diff --git a/2020/26xxx/CVE-2020-26933.json b/2020/26xxx/CVE-2020-26933.json index 3d9bf4cf445..5021885cdd9 100644 --- a/2020/26xxx/CVE-2020-26933.json +++ b/2020/26xxx/CVE-2020-26933.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-26933", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-26933", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://trustedcomputinggroup.org/about/security/", + "url": "https://trustedcomputinggroup.org/about/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf", + "url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28091.json b/2020/28xxx/CVE-2020-28091.json index 6671a625354..194f1af3494 100644 --- a/2020/28xxx/CVE-2020-28091.json +++ b/2020/28xxx/CVE-2020-28091.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28091", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28091", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/cbkhwx/cxuucmsv3/issues/1", + "url": "https://github.com/cbkhwx/cxuucmsv3/issues/1" } ] } diff --git a/2020/28xxx/CVE-2020-28362.json b/2020/28xxx/CVE-2020-28362.json index 517da3333ee..e9505964d94 100644 --- a/2020/28xxx/CVE-2020-28362.json +++ b/2020/28xxx/CVE-2020-28362.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28362", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28362", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5", + "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI", + "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI" } ] } diff --git a/2020/28xxx/CVE-2020-28366.json b/2020/28xxx/CVE-2020-28366.json index 987c92ff4d7..4beecc407ef 100644 --- a/2020/28xxx/CVE-2020-28366.json +++ b/2020/28xxx/CVE-2020-28366.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28366", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28366", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5", + "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM", + "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" + }, + { + "refsource": "MISC", + "name": "https://github.com/golang/go/issues/42559", + "url": "https://github.com/golang/go/issues/42559" } ] } diff --git a/2020/28xxx/CVE-2020-28367.json b/2020/28xxx/CVE-2020-28367.json index 747e2d09ebd..fc63da98fd2 100644 --- a/2020/28xxx/CVE-2020-28367.json +++ b/2020/28xxx/CVE-2020-28367.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28367", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28367", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5", + "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM", + "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" + }, + { + "refsource": "MISC", + "name": "https://github.com/golang/go/issues/42556", + "url": "https://github.com/golang/go/issues/42556" } ] } diff --git a/2020/28xxx/CVE-2020-28926.json b/2020/28xxx/CVE-2020-28926.json new file mode 100644 index 00000000000..34854445874 --- /dev/null +++ b/2020/28xxx/CVE-2020-28926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28927.json b/2020/28xxx/CVE-2020-28927.json new file mode 100644 index 00000000000..d5b837b71bf --- /dev/null +++ b/2020/28xxx/CVE-2020-28927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-28927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7032.json b/2020/7xxx/CVE-2020-7032.json index 3c80e8a77fa..e178617fa6f 100644 --- a/2020/7xxx/CVE-2020-7032.json +++ b/2020/7xxx/CVE-2020-7032.json @@ -113,6 +113,11 @@ "refsource": "FULLDISC", "name": "20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager", "url": "http://seclists.org/fulldisclosure/2020/Nov/31" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html", + "url": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html" } ] },