From d559bbb2df27044c57e451025c3d17271b03371e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 23 Dec 2020 20:01:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0986.json | 5 +++ 2020/28xxx/CVE-2020-28984.json | 5 +++ 2020/35xxx/CVE-2020-35665.json | 62 ++++++++++++++++++++++++++++++++++ 2020/35xxx/CVE-2020-35666.json | 62 ++++++++++++++++++++++++++++++++++ 4 files changed, 134 insertions(+) create mode 100644 2020/35xxx/CVE-2020-35665.json create mode 100644 2020/35xxx/CVE-2020-35666.json diff --git a/2020/0xxx/CVE-2020-0986.json b/2020/0xxx/CVE-2020-0986.json index b372d824705..d11ee0e8781 100644 --- a/2020/0xxx/CVE-2020-0986.json +++ b/2020/0xxx/CVE-2020-0986.json @@ -255,6 +255,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html" } ] } diff --git a/2020/28xxx/CVE-2020-28984.json b/2020/28xxx/CVE-2020-28984.json index b310bdb00b5..b40c5e86016 100644 --- a/2020/28xxx/CVE-2020-28984.json +++ b/2020/28xxx/CVE-2020-28984.json @@ -66,6 +66,11 @@ "refsource": "DEBIAN", "name": "DSA-4798", "url": "https://www.debian.org/security/2020/dsa-4798" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2505-1] spip security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html" } ] } diff --git a/2020/35xxx/CVE-2020-35665.json b/2020/35xxx/CVE-2020-35665.json new file mode 100644 index 00000000000..887c56e880d --- /dev/null +++ b/2020/35xxx/CVE-2020-35665.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-35665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html", + "refsource": "MISC", + "name": "https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35666.json b/2020/35xxx/CVE-2020-35666.json new file mode 100644 index 00000000000..342251f313b --- /dev/null +++ b/2020/35xxx/CVE-2020-35666.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-35666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/steedos/steedos-platform/issues/1245", + "refsource": "MISC", + "name": "https://github.com/steedos/steedos-platform/issues/1245" + } + ] + } +} \ No newline at end of file