From d3b9d63389fac0a8609110190a3df07110f32d7a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Jan 2020 18:01:22 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2013/4xxx/CVE-2013-4770.json | 48 ++++++++++++++++++++-
 2013/7xxx/CVE-2013-7390.json | 53 +++++++++++++++++++++++-
 2014/3xxx/CVE-2014-3979.json | 58 +++++++++++++++++++++++++-
 2014/7xxx/CVE-2014-7301.json | 53 +++++++++++++++++++++++-
 2014/7xxx/CVE-2014-7302.json | 53 +++++++++++++++++++++++-
 2014/7xxx/CVE-2014-7303.json | 53 +++++++++++++++++++++++-
 2014/8xxx/CVE-2014-8741.json | 53 +++++++++++++++++++++++-
 2014/8xxx/CVE-2014-8742.json | 53 +++++++++++++++++++++++-
 2019/14xxx/CVE-2019-14902.json | 5 +++
 2019/14xxx/CVE-2019-14907.json | 5 +++
 2019/17xxx/CVE-2019-17094.json | 10 ++---
 2019/17xxx/CVE-2019-17095.json | 1 +
 2019/17xxx/CVE-2019-17099.json | 13 +++---
 2019/19xxx/CVE-2019-19344.json | 5 +++
 2019/19xxx/CVE-2019-19822.json | 76 +++++++++++++++++++++++++++++++---
 2019/19xxx/CVE-2019-19823.json | 76 +++++++++++++++++++++++++++++++---
 2019/19xxx/CVE-2019-19824.json | 66 ++++++++++++++++++++++++++---
 2020/5xxx/CVE-2020-5390.json | 5 +++
 2020/8xxx/CVE-2020-8086.json | 18 ++++++++
 19 files changed, 658 insertions(+), 46 deletions(-)
 create mode 100644 2020/8xxx/CVE-2020-8086.json
diff --git a/2013/4xxx/CVE-2013-4770.json b/2013/4xxx/CVE-2013-4770.json
index 48d77126f97..a7263905e76 100644
--- a/2013/4xxx/CVE-2013-4770.json
+++ b/2013/4xxx/CVE-2013-4770.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4770",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://groups.google.com/a/eucalyptus.com/d/msg/security-announce/tFcxwess0TE/Br0sQW1mJBMJ",
+ "url": "https://groups.google.com/a/eucalyptus.com/d/msg/security-announce/tFcxwess0TE/Br0sQW1mJBMJ"
 }
 ]
 }
diff --git a/2013/7xxx/CVE-2013-7390.json b/2013/7xxx/CVE-2013-7390.json
index c9cdc963b7a..112781e1938 100644
--- a/2013/7xxx/CVE-2013-7390.json
+++ b/2013/7xxx/CVE-2013-7390.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-7390",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
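Review bot: The record published for CVE-2013-4770 fills `affects` and `problemtype` with `"n/a"` although the description added in the same hunk names the product, the version range and the weakness class (Eucalyptus Management Console 4.0.x before 4.0.1, cross-site scripting). Inventory or alerting tooling that matches on `product_name`/`version_value` or on the problem type will not pick this entry up unless it also parses the description text. The same placeholder block is added for CVE-2013-7390, CVE-2014-3979, CVE-2014-7301 through CVE-2014-7303, CVE-2014-8741, CVE-2014-8742 and CVE-2019-19822 through CVE-2019-19824. I would carry the description's values over, e.g. `"product_name": "Eucalyptus Management Console"` and `"version_value": "4.0.x before 4.0.1"`.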
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb",
+ "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2013/Nov/130",
+ "url": "http://seclists.org/fulldisclosure/2013/Nov/130"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3979.json b/2014/3xxx/CVE-2014-3979.json
index bd52e3a6805..db4d7e445c8 100644
--- a/2014/3xxx/CVE-2014-3979.json
+++ b/2014/3xxx/CVE-2014-3979.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-3979",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/06/06/10",
+ "url": "http://www.openwall.com/lists/oss-security/2014/06/06/10"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/06/11/2",
+ "url": "http://www.openwall.com/lists/oss-security/2014/06/11/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/67948",
+ "url": "http://www.securityfocus.com/bid/67948"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7301.json b/2014/7xxx/CVE-2014-7301.json
index dc43e8ad463..aebbf558548 100644
--- a/2014/7xxx/CVE-2014-7301.json
+++ b/2014/7xxx/CVE-2014-7301.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7301",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html",
+ "url": "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/",
+ "url": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7302.json b/2014/7xxx/CVE-2014-7302.json
index ccdc631c46e..b2eb5e498eb 100644
--- a/2014/7xxx/CVE-2014-7302.json
+++ b/2014/7xxx/CVE-2014-7302.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7302",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/",
+ "url": "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7303.json b/2014/7xxx/CVE-2014-7303.json
index 052a7a25923..d874ed46154 100644
--- a/2014/7xxx/CVE-2014-7303.json
+++ b/2014/7xxx/CVE-2014-7303.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7303",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html",
+ "url": "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/",
+ "url": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8741.json b/2014/8xxx/CVE-2014-8741.json
index da3adac0433..5f3d35c4d1c 100644
--- a/2014/8xxx/CVE-2014-8741.json
+++ b/2014/8xxx/CVE-2014-8741.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8741",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
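Review bot: The new description for CVE-2014-7303 gives the exposed file as `etc/dbdump.db`, without a leading slash, while the sibling record CVE-2014-7301 uses the absolute path `/etc/odapw`. If the path is relative to an installation root, the description should name that root; if it is a truncated absolute path, it should be written out in full, because an administrator auditing file permissions on an affected system needs the exact location. The two advisories referenced in the same hunk are the place to confirm which of the two it is.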
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://support.lexmark.com/index?page=content&id=TE666",
+ "url": "http://support.lexmark.com/index?page=content&id=TE666"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-410/",
+ "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-410/"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8742.json b/2014/8xxx/CVE-2014-8742.json
index 8247b57910e..77a08172cb7 100644
--- a/2014/8xxx/CVE-2014-8742.json
+++ b/2014/8xxx/CVE-2014-8742.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8742",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-411/",
+ "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-411/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://support.lexmark.com/index?page=content&id=TE666",
+ "url": "http://support.lexmark.com/index?page=content&id=TE666"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json
index ccee8c0dadb..11f76d16c42 100644
--- a/2019/14xxx/CVE-2019-14902.json
+++ b/2019/14xxx/CVE-2019-14902.json
@@ -69,6 +69,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_01",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4244-1",
+ "url": "https://usn.ubuntu.com/4244-1/"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json
index dd8142f692a..702cad0865c 100644
--- a/2019/14xxx/CVE-2019-14907.json
+++ b/2019/14xxx/CVE-2019-14907.json
@@ -69,6 +69,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_01",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4244-1",
+ "url": "https://usn.ubuntu.com/4244-1/"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17094.json b/2019/17xxx/CVE-2019-17094.json
index 1f3d5c6cb84..f58b8ea83ca 100644
--- a/2019/17xxx/CVE-2019-17094.json
+++ b/2019/17xxx/CVE-2019-17094.json
@@ -10,6 +10,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Belkin",
 "product": {
 "product_data": [
 {
@@ -17,15 +18,13 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_value": "2.00.11396"
+ "version_value": "2.00.11396 and prior"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Belkin"
+ }
 }
 ]
 }
@@ -43,7 +42,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device.\nThis issue affects:\nBelkin WeMo Insight Switch firmware\nversion 2.00.11396 and prior versions."
+ "value": "A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions."
 }
 ]
 },
@@ -82,6 +81,7 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
+ "name": "https://labs.bitdefender.com/2019/12/multiple-vulnerabilities-in-belkin-wemo-insight-switch/",
 "url": "https://labs.bitdefender.com/2019/12/multiple-vulnerabilities-in-belkin-wemo-insight-switch/"
 }
 ]
diff --git a/2019/17xxx/CVE-2019-17095.json b/2019/17xxx/CVE-2019-17095.json
index b6a47383311..a4bb4b58401 100644
--- a/2019/17xxx/CVE-2019-17095.json
+++ b/2019/17xxx/CVE-2019-17095.json
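Review bot: The version hunk for CVE-2019-17094 replaces the structured pair `"version_affected": "<="` / `"version_value": "2.00.11396"` with the free-text `"version_value": "2.00.11396 and prior"`, so a consumer that compares `version_value` as a version string is unlikely to evaluate the affected range correctly. CVE-2019-17099 gets the same treatment (`"6.6.11.162 and prior"`), although there the new text at least agrees with the description's "prior to 6.6.11.163", which the removed `<` operator did not. I would keep the operator field and a bare version, e.g. `"version_affected": "<=", "version_value": "2.00.11396"`, and leave the prose form of the range to the description.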
@@ -88,6 +88,7 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
+ "name": "https://www.bitdefender.com/support/security-advisories/command-injection-vulnerability-in-bitdefender-box-v2-va-5706",
 "url": "https://www.bitdefender.com/support/security-advisories/command-injection-vulnerability-in-bitdefender-box-v2-va-5706"
 }
 ]
diff --git a/2019/17xxx/CVE-2019-17099.json b/2019/17xxx/CVE-2019-17099.json
index 3f662c4666b..5a1edd4cf13 100644
--- a/2019/17xxx/CVE-2019-17099.json
+++ b/2019/17xxx/CVE-2019-17099.json
@@ -10,23 +10,21 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Bitdefender",
 "product": {
 "product_data": [
 {
- "product_name": "EPSecurityService.exe ",
+ "product_name": "EPSecurityService.exe",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_name": "6.6.11.162",
- "version_value": "6.6.11.162"
+ "version_value": "6.6.11.162 and prior"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Bitdefender"
+ }
 }
 ]
 }
@@ -44,7 +42,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path.\nThis issue affects:\nBitdefender EPSecurityService.exe versions prior to 6.6.11.163."
+ "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163."
 }
 ]
 },
@@ -83,6 +81,7 @@
 "reference_data": [
 {
 "refsource": "CONFIRM",
+ "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/",
 "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/"
 }
 ]
diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json
index 10e6e3c854c..b3cc5d2aa21 100644
--- a/2019/19xxx/CVE-2019-19344.json
+++ b/2019/19xxx/CVE-2019-19344.json
@@ -69,6 +69,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_01",
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4244-1",
+ "url": "https://usn.ubuntu.com/4244-1/"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19822.json b/2019/19xxx/CVE-2019-19822.json
index 5c459eadef2..fbc7bd81806 100644
--- a/2019/19xxx/CVE-2019-19822.json
+++ b/2019/19xxx/CVE-2019-19822.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19822",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19822",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13",
+ "refsource": "MISC",
+ "name": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13"
+ },
+ {
+ "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz",
+ "refsource": "MISC",
+ "name": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz"
+ },
+ {
+ "url": "https://sploit.tech",
+ "refsource": "MISC",
+ "name": "https://sploit.tech"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/36"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19823.json b/2019/19xxx/CVE-2019-19823.json
index deafa97ad87..1442389daf4 100644
--- a/2019/19xxx/CVE-2019-19823.json
+++ b/2019/19xxx/CVE-2019-19823.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19823",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19823",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13",
+ "refsource": "MISC",
+ "name": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13"
+ },
+ {
+ "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz",
+ "refsource": "MISC",
+ "name": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz"
+ },
+ {
+ "url": "https://sploit.tech",
+ "refsource": "MISC",
+ "name": "https://sploit.tech"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/36"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19824.json b/2019/19xxx/CVE-2019-19824.json
index 1597f287525..63c555179d0 100644
--- a/2019/19xxx/CVE-2019-19824.json
+++ b/2019/19xxx/CVE-2019-19824.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19824",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19824",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sploit.tech",
+ "refsource": "MISC",
+ "name": "https://sploit.tech"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/36"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5390.json b/2020/5xxx/CVE-2020-5390.json
index 93f1fe49460..10bff612cba 100644
--- a/2020/5xxx/CVE-2020-5390.json
+++ b/2020/5xxx/CVE-2020-5390.json
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "https://pypi.org/project/pysaml2/5.0.0/",
 "url": "https://pypi.org/project/pysaml2/5.0.0/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4245-1",
+ "url": "https://usn.ubuntu.com/4245-1/"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8086.json b/2020/8xxx/CVE-2020-8086.json
new file mode 100644
index 00000000000..7602771fe55
--- /dev/null
+++ b/2020/8xxx/CVE-2020-8086.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8086",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file