diff --git a/2018/14xxx/CVE-2018-14572.json b/2018/14xxx/CVE-2018-14572.json
index b758c25bd90..244825f9a3f 100644
--- a/2018/14xxx/CVE-2018-14572.json
+++ b/2018/14xxx/CVE-2018-14572.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/PyconUK/ConferenceScheduler-cli/issues/19",
 "refsource": "MISC",
 "url": "https://github.com/PyconUK/ConferenceScheduler-cli/issues/19"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://joel-malwarebenchmark.github.io/blog/2020/04/25/cve-2018-14572-conference-scheduler-cli/",
+ "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/25/cve-2018-14572-conference-scheduler-cli/"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14941.json b/2019/14xxx/CVE-2019-14941.json
new file mode 100644
index 00000000000..cece86d2ba0
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14941.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14941",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shareit.one/blog/",
+ "refsource": "MISC",
+ "name": "https://shareit.one/blog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nathunandwani/shareit-cwe-789",
+ "url": "https://github.com/nathunandwani/shareit-cwe-789"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15234.json b/2019/15xxx/CVE-2019-15234.json
new file mode 100644
index 00000000000..1b5ba7f0d76
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15234.json
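Review bot: The new CVE-2019-14941 record leaves `product_name`, `vendor_name`, `version_value` and the `problemtype` value as `"n/a"` although the description names SHAREit through 4.0.6.177 and an uncontrolled memory allocation, so scanners and feeds that match on the structured `affects` fields will not tie this entry to the product. Filling them in, for example `"product_name": "SHAREit"` and `"version_value": "through 4.0.6.177"`, would make the record machine-matchable; the second reference's repository name, `shareit-cwe-789`, suggests CWE-789 as the problem type, which should be confirmed with the reporter. The same all-`"n/a"` pattern appears in the new CVE-2019-15234, CVE-2020-11941, CVE-2020-12278 and CVE-2020-12279 records in this diff. The first reference, `https://shareit.one/blog/`, looks like a blog index rather than a specific advisory, which will make the source hard to verify later.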
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15234",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shareit.one/blog/",
+ "refsource": "MISC",
+ "name": "https://shareit.one/blog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nathunandwani/shareit-cwe-789",
+ "url": "https://github.com/nathunandwani/shareit-cwe-789"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15752.json b/2019/15xxx/CVE-2019-15752.json
index 783b2d68180..728b061d260 100644
--- a/2019/15xxx/CVE-2019-15752.json
+++ b/2019/15xxx/CVE-2019-15752.json
@@ -56,6 +56,11 @@
 "url": "https://medium.com/@morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e",
 "refsource": "MISC",
 "name": "https://medium.com/@morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html"
 }
 ]
 }
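Review bot: The reference added to CVE-2019-15752 uses a plain `http://` scheme in both `name` and `url`, while every other reference in this diff is `https://`. If the site serves the same path over TLS, prefer `"url": "https://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html"` (and the matching `name`) so that readers and crawlers following the link do not fetch advisory content over an unauthenticated channel. The enclosing `reference_data` array starts above the hunk.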
diff --git a/2020/11xxx/CVE-2020-11941.json b/2020/11xxx/CVE-2020-11941.json
index cdf9c118c3d..c25886a3d6b 100644
--- a/2020/11xxx/CVE-2020-11941.json
+++ b/2020/11xxx/CVE-2020-11941.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11941",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11941",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0",
+ "refsource": "MISC",
+ "name": "https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities",
+ "url": "https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12275.json b/2020/12xxx/CVE-2020-12275.json
new file mode 100644
index 00000000000..9378dfeaed8
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12275.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12275",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12276.json b/2020/12xxx/CVE-2020-12276.json
new file mode 100644
index 00000000000..2f968de8b92
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12276.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12276",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12277.json b/2020/12xxx/CVE-2020-12277.json
new file mode 100644
index 00000000000..152d1bcdf9f
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12277.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-12277",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12278.json b/2020/12xxx/CVE-2020-12278.json
new file mode 100644
index 00000000000..861d14b4598
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12278.json
@@ -0,0 +1,82 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-12278",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj",
+ "refsource": "MISC",
+ "name": "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj"
+ },
+ {
+ "url": "https://github.com/libgit2/libgit2/releases/tag/v0.99.0",
+ "refsource": "MISC",
+ "name": "https://github.com/libgit2/libgit2/releases/tag/v0.99.0"
+ },
+ {
+ "url": "https://github.com/libgit2/libgit2/releases/tag/v0.28.4",
+ "refsource": "MISC",
+ "name": "https://github.com/libgit2/libgit2/releases/tag/v0.28.4"
+ },
+ {
+ "url": "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01",
+ "refsource": "MISC",
+ "name": "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01"
+ },
+ {
+ "url": "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb",
+ "refsource": "MISC",
+ "name": "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12279.json b/2020/12xxx/CVE-2020-12279.json
new file mode 100644
index 00000000000..a9ca1a37663
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12279.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-12279",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libgit2/libgit2/releases/tag/v0.99.0",
+ "refsource": "MISC",
+ "name": "https://github.com/libgit2/libgit2/releases/tag/v0.99.0"
+ },
+ {
+ "url": "https://github.com/libgit2/libgit2/releases/tag/v0.28.4",
+ "refsource": "MISC",
+ "name": "https://github.com/libgit2/libgit2/releases/tag/v0.28.4"
+ },
+ {
+ "url": "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v",
+ "refsource": "MISC",
+ "name": "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v"
+ },
+ {
+ "url": "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4",
+ "refsource": "MISC",
+ "name": "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1952.json b/2020/1xxx/CVE-2020-1952.json
index ddb93fc77de..77268096ddc 100644
--- a/2020/1xxx/CVE-2020-1952.json
+++ b/2020/1xxx/CVE-2020-1952.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1952",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IoTDB",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.9.0 to 0.9.1"
+ },
+ {
+ "version_value": "0.8.0 to 0.8.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely."
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9294.json b/2020/9xxx/CVE-2020-9294.json
index a8515365116..3a4286e0ca6 100644
--- a/2020/9xxx/CVE-2020-9294.json
+++ b/2020/9xxx/CVE-2020-9294.json
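Review bot: In CVE-2020-1952 the `problemtype` value `"Information Disclosure"` does not match the new description, which says clients "could execute code remotely" through the JMX port 31999; consumers that triage on the problem type will under-rate the entry, so the value should reflect the stated impact. The description text itself has defects: `.9.0` is missing its leading zero, `certification.Then` is missing a space, and "no certification" presumably means no authentication, e.g. `"...Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no authentication. Then, clients could execute code remotely."`. The `version_value` strings `"0.9.0 to 0.9.1"` and `"0.8.0 to 0.8.2"` also encode ranges as free text, which version-matching tools cannot compare. The JSON object continues above and below the hunk.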
@@ -4,14 +4,77 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-9294",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiMail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.4.10"
+ },
+ {
+ "version_value": "6.0.7"
+ },
+ {
+ "version_value": "6.2.2 and earlier"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FortiVoiceEnterprise",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.0.0"
+ },
+ {
+ "version_value": "6.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-20-045",
+ "url": "https://fortiguard.com/psirt/FG-IR-20-045"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface."
 }
 ]
 }
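Review bot: The product is spelled `FortiVoiceEnterprise` in `product_name` but `FortiVoiceEntreprise` in the description, so a text search on either spelling misses the other; the two should agree with the vendor advisory's spelling. The description calls this an "improper authentication vulnerability" while `problemtype` says `"Improper Access Control"`, and the two should be aligned. The FortiMail versions `"5.4.10"`, `"6.0.7"` and `"6.2.2 and earlier"` leave it unclear whether "and earlier" applies to the 5.4 and 6.0 branches as well, which matters to anyone deciding whether an older 5.4.x or 6.0.x install is exposed. The JSON object continues above and below the hunk.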