diff --git a/2020/7xxx/CVE-2020-7845.json b/2020/7xxx/CVE-2020-7845.json
index 67837e4bf5e..cc62d606c60 100644
--- a/2020/7xxx/CVE-2020-7845.json
+++ b/2020/7xxx/CVE-2020-7845.json
@@ -1,18 +1,98 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2020-7845",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Jiransecurity Spamsniper Stack-based Buffer Overflow Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Spamsniper",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "5.2.7",
+ "version_value": "5.7.8 revision 5500"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Jiransecurity"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "KrCERT/CC Vulnerability Analysis Team Researcher Honggi Kim, Hyunsoo Gil, Jeesoo Jurn"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121 Stack-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.jiransecurity.com/",
+ "name": "https://www.jiransecurity.com/"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35855",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35855"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8289.json b/2020/8xxx/CVE-2020-8289.json
index 5d0d2363ee1..904917ff3fb 100644
--- a/2020/8xxx/CVE-2020-8289.json
+++ b/2020/8xxx/CVE-2020-8289.json
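Review bot: In the CVE-2020-7845 record the affected-version entry contradicts the description: `version_data` pairs `"version_affected": "<="` with `"version_name": "5.2.7"` but `"version_value": "5.7.8 revision 5500"`, while the description says "Spamsniper 5.0 ~ 5.2.7". A scanner or asset inventory that matches on `version_value` would use 5.7.8 as the upper bound, so the assigner should confirm which bound is correct. If 5.7.8 is a transposition, the line would read `"version_value": "5.2.7 revision 5500"`. The lower bound 5.0 from the description is not represented in `version_data` at all. The first reference, `https://www.jiransecurity.com/`, is the vendor home page rather than an advisory, so it gives a defender no fix or mitigation detail.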
@@ -4,14 +4,73 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8289",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Backblaze",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Certificate Validation (CWE-295)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/818853",
+ "url": "https://hackerone.com/reports/818853"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://youtu.be/W0THXbcX5V8",
+ "url": "https://youtu.be/W0THXbcX5V8"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geffner/CVE-2020-8289/blob/master/README.md",
+ "url": "https://github.com/geffner/CVE-2020-8289/blob/master/README.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/",
+ "url": "https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality."
 }
 ]
 }
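Review bot: The `affects` block in CVE-2020-8289 is not machine-matchable: `"vendor_name": "n/a"` sits next to `"product_name": "Backblaze"`, and the single `version_value` is a free-text sentence covering two platforms with different fixed builds. Vulnerability-management tooling that keys on vendor, product and version will not associate this record with installed clients. I would set `"vendor_name": "Backblaze"` and split the range into one `version_data` entry per platform, each with `"version_affected": "<"` and the bare build number (`7.0.1.433` for Windows, `7.0.1.434` for macOS). The CVE-2020-8290 hunk has the same `"vendor_name": "n/a"` and a free-text `"version_value": "Prior to 7.0.0.439"`. Neither record carries an `impact`/CVSS block, so consumers have to derive severity from the description.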
diff --git a/2020/8xxx/CVE-2020-8290.json b/2020/8xxx/CVE-2020-8290.json
index a16ec46e94c..9cc0aef46f1 100644
--- a/2020/8xxx/CVE-2020-8290.json
+++ b/2020/8xxx/CVE-2020-8290.json
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-8290",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Backblaze",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 7.0.0.439"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Privilege Management (CWE-269)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/818857",
+ "url": "https://hackerone.com/reports/818857"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://youtu.be/OpC6neWd2aM",
+ "url": "https://youtu.be/OpC6neWd2aM"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geffner/CVE-2020-8290/blob/master/README.md",
+ "url": "https://github.com/geffner/CVE-2020-8290/blob/master/README.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary."
 }
 ]
 }