diff --git a/2014/0xxx/CVE-2014-0226.json b/2014/0xxx/CVE-2014-0226.json index 8bbacf525e9..dc729288885 100644 --- a/2014/0xxx/CVE-2014-0226.json +++ b/2014/0xxx/CVE-2014-0226.json @@ -256,6 +256,11 @@ "refsource": "MLIST", "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://www.povonsec.com/apache-2-4-7-exploit/", + "url": "https://www.povonsec.com/apache-2-4-7-exploit/" } ] } diff --git a/2020/11xxx/CVE-2020-11957.json b/2020/11xxx/CVE-2020-11957.json new file mode 100644 index 00000000000..1a7cd7e5cab --- /dev/null +++ b/2020/11xxx/CVE-2020-11957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11958.json b/2020/11xxx/CVE-2020-11958.json new file mode 100644 index 00000000000..11e2850d3fa --- /dev/null +++ b/2020/11xxx/CVE-2020-11958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11959.json b/2020/11xxx/CVE-2020-11959.json new file mode 100644 index 00000000000..d977468a23e --- /dev/null +++ b/2020/11xxx/CVE-2020-11959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11960.json b/2020/11xxx/CVE-2020-11960.json new file mode 100644 index 00000000000..5ccdfe214fa --- /dev/null +++ b/2020/11xxx/CVE-2020-11960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11961.json b/2020/11xxx/CVE-2020-11961.json new file mode 100644 index 00000000000..f986d86f19b --- /dev/null +++ b/2020/11xxx/CVE-2020-11961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/11xxx/CVE-2020-11962.json b/2020/11xxx/CVE-2020-11962.json new file mode 100644 index 00000000000..9ab0e59f8a9 --- /dev/null +++ b/2020/11xxx/CVE-2020-11962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9275.json b/2020/9xxx/CVE-2020-9275.json index 265b5d1d671..a7c88d28dde 100644 --- a/2020/9xxx/CVE-2020-9275.json +++ b/2020/9xxx/CVE-2020-9275.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9275", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9275", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/", + "url": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/advisories/CVE-2020-9275_D-Link-DSL-2640B_Remote-Credentials-Exfiltration_v1.0.txt", + "url": "https://raelize.com/advisories/CVE-2020-9275_D-Link-DSL-2640B_Remote-Credentials-Exfiltration_v1.0.txt" } ] } diff --git a/2020/9xxx/CVE-2020-9276.json b/2020/9xxx/CVE-2020-9276.json index 3e40ed65081..944efb41c0d 100644 --- a/2020/9xxx/CVE-2020-9276.json +++ b/2020/9xxx/CVE-2020-9276.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9276", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9276", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/", + "url": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/advisories/CVE-2020-9276_D-Link-DSL-2640B_do_cgi-buffer-overflow_v1.0.txt", + "url": "https://raelize.com/advisories/CVE-2020-9276_D-Link-DSL-2640B_do_cgi-buffer-overflow_v1.0.txt" } ] } diff --git a/2020/9xxx/CVE-2020-9277.json b/2020/9xxx/CVE-2020-9277.json index 6420c69df9a..e27d032b7ed 100644 --- a/2020/9xxx/CVE-2020-9277.json +++ b/2020/9xxx/CVE-2020-9277.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9277", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9277", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/", + "url": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/advisories/CVE-2020-9277_D-Link-DSL-2640B_CGI-Authentication-bypass_v1.0.txt", + "url": "https://raelize.com/advisories/CVE-2020-9277_D-Link-DSL-2640B_CGI-Authentication-bypass_v1.0.txt" } ] } diff --git a/2020/9xxx/CVE-2020-9278.json b/2020/9xxx/CVE-2020-9278.json index 656dd3e571a..e7301839362 100644 --- a/2020/9xxx/CVE-2020-9278.json +++ b/2020/9xxx/CVE-2020-9278.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9278", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9278", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/", + "url": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/advisories/CVE-2020-9278_D-Link-DSL-2640B_Unauthenticated-configuration-reset_v1.0.txt", + "url": "https://raelize.com/advisories/CVE-2020-9278_D-Link-DSL-2640B_Unauthenticated-configuration-reset_v1.0.txt" } ] } diff --git a/2020/9xxx/CVE-2020-9279.json b/2020/9xxx/CVE-2020-9279.json index b6a4b5489b6..fd8fb7857c4 100644 --- a/2020/9xxx/CVE-2020-9279.json +++ b/2020/9xxx/CVE-2020-9279.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9279", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9279", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/", + "url": "https://raelize.com/posts/d-link-dsl-2640b-security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://raelize.com/advisories/CVE-2020-9279_D-Link-DSL-2640B_Hard-coded-privileged-account_v1.0.txt", + "url": "https://raelize.com/advisories/CVE-2020-9279_D-Link-DSL-2640B_Hard-coded-privileged-account_v1.0.txt" } ] }