From 293457d7cd7609a9d72ce2050d5e64c00c7924b3 Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Thu, 29 Oct 2020 11:47:55 -0400
Subject: [PATCH 01/17] IBM20201029-114755 Added CVE-2020-4723, CVE-2020-4722, CVE-2020-4864, CVE-2020-4721, CVE-2019-4547, CVE-2019-4563, CVE-2020-4724
---
2019/4xxx/CVE-2019-4547.json | 102 +++++++++++++++++++++++++++++-----
2019/4xxx/CVE-2019-4563.json | 102 +++++++++++++++++++++++++++++-----
2020/4xxx/CVE-2020-4721.json | 105 ++++++++++++++++++++++++++++++-----
2020/4xxx/CVE-2020-4722.json | 105 ++++++++++++++++++++++++++++++-----
2020/4xxx/CVE-2020-4723.json | 105 ++++++++++++++++++++++++++++++-----
2020/4xxx/CVE-2020-4724.json | 105 ++++++++++++++++++++++++++++++-----
2020/4xxx/CVE-2020-4864.json | 102 +++++++++++++++++++++++++++++-----
7 files changed, 621 insertions(+), 105 deletions(-)
diff --git a/2019/4xxx/CVE-2019-4547.json b/2019/4xxx/CVE-2019-4547.json
index bc3794e3f5e..caab9d2f9b9 100644
--- a/2019/4xxx/CVE-2019-4547.json
+++ b/2019/4xxx/CVE-2019-4547.json
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4547", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6356607", + "name" : "https://www.ibm.com/support/pages/node/6356607", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6356607 (Security Directory Server)" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949", + "name" : "ibm-sds-cve20194547-info-disc (165949)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "6.4.0" + } + ] + }, + "product_name" : "Security Directory Server" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "PR" : "N", + "SCORE" : "5.300", + "AC" : "L", + "A" : "N", + "UI" : "N", + "S" : "U", + "I" : "N", + "AV" : "N", + "C" : "L" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2020-10-28T00:00:00", + "ID" : "CVE-2019-4547" + }, + "data_type" : "CVE" +} diff --git a/2019/4xxx/CVE-2019-4563.json b/2019/4xxx/CVE-2019-4563.json index 053c09c1214..36fc8cf3825 100644 --- a/2019/4xxx/CVE-2019-4563.json +++ b/2019/4xxx/CVE-2019-4563.json 
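Review bot: The `problemtype` value `"Obtain Information"` is a free-text impact label rather than a weakness identifier, so consumers that drive triage or detection content from CWE get nothing machine-usable out of this record. The description here reads almost word for word like the definition of CWE-209 (error message containing sensitive information), so a `"value" : "CWE-209"` entry alongside the label would be more useful. The same gap shows in CVE-2019-4563 (missing cookie `Secure` attribute, which looks like CWE-614) and in the `"Gain Privileges"` label on CVE-2020-4721 through CVE-2020-4724, whose descriptions say memory corruption leading to code execution. The exact CWE per record is the CNA's call and should be confirmed against the bulletin.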
@@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4563", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6356607 (Security Directory Server)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6356607", + "name" : "https://www.ibm.com/support/pages/node/6356607" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-sds-cve20194563-info-disc (166624)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Security Directory Server", + "version" : { + "version_data" : [ + { + "version_value" : "6.4.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." 
+ } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "I" : "N", + "AV" : "N", + "C" : "L", + "A" : "N", + "UI" : "N", + "AC" : "H", + "S" : "U", + "PR" : "N", + "SCORE" : "3.700" + } + } + }, + "data_format" : "MITRE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-10-28T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2019-4563" + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4721.json b/2020/4xxx/CVE-2020-4721.json index 00687cae086..201627782b8 100644 --- a/2020/4xxx/CVE-2020-4721.json +++ b/2020/4xxx/CVE-2020-4721.json 
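Review bot: The base metrics set `"UI" : "N"`, but the attack path in the description has the attacker "sending a http:// link to a user" or planting the link on a site the user visits, which reads as required user interaction. If that is the only path, `"UI" : "R"` would be the consistent value and `"SCORE"` would need recomputing. If the vendor scored a passive-interception scenario instead, the description should say so, because downstream prioritisation usually trusts the vector over the prose.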
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-10-28T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2020-4721" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "H", + "AC" : "L", + "UI" : "R", + "S" : "U", + "PR" : "N", + "SCORE" : "7.800", + "I" : "H", + "AV" : "L", + "C" : "H" + }, + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + } + } + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "i2 Analyst Notebook", + "version" : { + "version_data" : [ + { + "version_value" : "9.2.1" + }, + { + "version_value" : "9.2.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6356497", + "name" : "https://www.ibm.com/support/pages/node/6356497", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-i2-cve20204721-bo (187868)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187868" + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4722.json b/2020/4xxx/CVE-2020-4722.json index 5403544544f..6d84e6720ec 100644 --- a/2020/4xxx/CVE-2020-4722.json +++ b/2020/4xxx/CVE-2020-4722.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + }, + "BM" : { + "C" : "H", + "AV" : "L", + "I" : "H", + "SCORE" : "7.800", + "PR" : "N", + "S" : "U", + "UI" : "R", + "A" : "H", + "AC" : "L" + } + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "CVE_data_meta" : { + "ID" : "CVE-2020-4722", + "DATE_PUBLIC" : "2020-10-28T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Privileges" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6356497", + "name" : "https://www.ibm.com/support/pages/node/6356497", + "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource" : "CONFIRM" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187870", + "name" : "ibm-i2-cve20204722-bo (187870)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "i2 Analyst Notebook", + "version" : { + "version_data" : [ + { + "version_value" : "9.2.1" + }, + { + "version_value" : "9.2.0" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870.", + "lang" : "eng" + } + ] + } +} diff --git a/2020/4xxx/CVE-2020-4723.json b/2020/4xxx/CVE-2020-4723.json index 37745f23f9f..d6c30950faa 100644 --- a/2020/4xxx/CVE-2020-4723.json +++ b/2020/4xxx/CVE-2020-4723.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.2.1" + }, + { + "version_value" : "9.2.0" + } + ] + }, + "product_name" : "i2 Analyst Notebook" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6356497", + "name" : "https://www.ibm.com/support/pages/node/6356497", + "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource" : "CONFIRM" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-i2-cve20204723-bo (187873)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187873" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4723", + "DATE_PUBLIC" : "2020-10-28T00:00:00", + "ASSIGNER" : 
"psirt@us.ibm.com", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "E" : "U", + "RL" : "O" + }, + "BM" : { + "PR" : "N", + "SCORE" : "7.800", + "AC" : "L", + "A" : "H", + "UI" : "R", + "S" : "U", + "I" : "H", + "C" : "H", + "AV" : "L" + } + } + }, + "data_format" : "MITRE" +} diff --git a/2020/4xxx/CVE-2020-4724.json b/2020/4xxx/CVE-2020-4724.json index f6890e7d56d..931db11d61f 100644 --- a/2020/4xxx/CVE-2020-4724.json +++ b/2020/4xxx/CVE-2020-4724.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system." + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6356497", + "name" : "https://www.ibm.com/support/pages/node/6356497" + }, + { + "name" : "ibm-i2-cve20204724-bo (187874)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187874", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "9.2.1" + }, + { + "version_value" : "9.2.0" + } + ] + }, + "product_name" : "i2 Analyst Notebook" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "PR" : "N", + "SCORE" : "7.800", + "UI" : "R", + "AC" : "L", + "A" : "H", + "S" : "U", + "I" : "H", + "AV" : "L", + "C" : "H" + } + } + }, + "data_format" : "MITRE", + "CVE_data_meta" : { + "DATE_PUBLIC" : "2020-10-28T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com", + "STATE" : "PUBLIC", + "ID" : "CVE-2020-4724" + }, + "data_type" : "CVE" +} diff --git a/2020/4xxx/CVE-2020-4864.json b/2020/4xxx/CVE-2020-4864.json index eea05582d48..06b12313dba 100644 --- a/2020/4xxx/CVE-2020-4864.json +++ b/2020/4xxx/CVE-2020-4864.json 
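Review bot: The description for CVE-2020-4724 ends without the `IBM X-Force ID:` sentence that the sibling records CVE-2020-4721, CVE-2020-4722 and CVE-2020-4723 carry, even though the XF reference in this hunk names 187874. Appending `IBM X-Force ID: 187874.` to the `value` string would keep the four records consistent and let readers who see only the description find the X-Force entry. Apart from that ID the four descriptions are identical, so a short distinguishing detail per record would help triage if the bulletin provides one.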
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "A", + "C" : "N", + "I" : "L", + "S" : "U", + "A" : "N", + "AC" : "L", + "UI" : "N", + "SCORE" : "4.300", + "PR" : "N" + }, + "TM" : { + "E" : "U", + "RL" : "O", + "RC" : "C" + } + } + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4864", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2020-10-28T00:00:00" + }, + "data_type" : "CVE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Bypass Security", + "lang" : "eng" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6356441 (Resilient OnPrem)", + "name" : "https://www.ibm.com/support/pages/node/6356441", + "url" : "https://www.ibm.com/support/pages/node/6356441" + }, + { + "refsource" : "XF", + "title" : "X-Force Vulnerability Report", + "name" : "ibm-resilient-cve20204864-spoofing (190567)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190567" + } + ] + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "Resilient OnPrem", + "version" : { + "version_data" : [ + { + "version_value" : "38" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.", + "lang" : "eng" + } + ] + } +} From 01439d95b50a77e5490f7516f2ba938dcb4fdefe Mon Sep 17 00:00:00 2001 
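Review bot: The description string contains the typo `internal net work` and names the product `IBM Resilient SOAR V38.0`, while `affects` lists `"product_name" : "Resilient OnPrem"` with `"version_value" : "38"`. Anyone matching this record against an asset inventory by product name or version string will miss one form or the other, so the description and the `affects` block should agree, and the typo should read `internal network`. The `problemtype` label `"Bypass Security"` also sits oddly next to the `-spoofing` suffix in the XF reference name; worth confirming which one the bulletin intends.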
From: CVE Team
Date: Thu, 29 Oct 2020 16:01:54 +0000
Subject: [PATCH 02/17] "-Synchronized-Data."
---
2019/11xxx/CVE-2019-11556.json | 5 +
2019/4xxx/CVE-2019-4547.json | 172 +++++++++++++++----------------
2019/4xxx/CVE-2019-4563.json | 172 +++++++++++++++----------------
2020/15xxx/CVE-2020-15190.json | 5 +
2020/15xxx/CVE-2020-15191.json | 5 +
2020/15xxx/CVE-2020-15192.json | 5 +
2020/15xxx/CVE-2020-15193.json | 5 +
2020/15xxx/CVE-2020-15194.json | 5 +
2020/15xxx/CVE-2020-15195.json | 5 +
2020/15xxx/CVE-2020-15202.json | 5 +
2020/15xxx/CVE-2020-15203.json | 5 +
2020/15xxx/CVE-2020-15204.json | 5 +
2020/15xxx/CVE-2020-15205.json | 5 +
2020/15xxx/CVE-2020-15206.json | 5 +
2020/15xxx/CVE-2020-15207.json | 5 +
2020/15xxx/CVE-2020-15208.json | 5 +
2020/15xxx/CVE-2020-15209.json | 5 +
2020/15xxx/CVE-2020-15210.json | 5 +
2020/15xxx/CVE-2020-15211.json | 5 +
2020/27xxx/CVE-2020-27993.json | 62 +++++++++++
2020/27xxx/CVE-2020-27994.json | 18 ++++
2020/4xxx/CVE-2020-4721.json | 180 ++++++++++++++++----------------
2020/4xxx/CVE-2020-4722.json | 182 ++++++++++++++++-----------------
2020/4xxx/CVE-2020-4723.json | 178 ++++++++++++++++----------------
2020/4xxx/CVE-2020-4864.json | 176 +++++++++++++++----------------
2020/5xxx/CVE-2020-5931.json | 50 ++++++++-
2020/5xxx/CVE-2020-5932.json | 50 ++++++++-
2020/5xxx/CVE-2020-5933.json | 50 ++++++++-
2020/5xxx/CVE-2020-5934.json | 50 ++++++++-
2020/5xxx/CVE-2020-5935.json | 50 ++++++++-
2020/5xxx/CVE-2020-5936.json | 50 ++++++++-
31 files changed, 977 insertions(+), 548 deletions(-)
create mode 100644 2020/27xxx/CVE-2020-27993.json
create mode 100644 2020/27xxx/CVE-2020-27994.json
diff --git a/2019/11xxx/CVE-2019-11556.json b/2019/11xxx/CVE-2019-11556.json
index 1ac80a51fc8..62c199f3e95 100644
--- a/2019/11xxx/CVE-2019-11556.json
+++ b/2019/11xxx/CVE-2019-11556.json
@@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618", "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1765", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html" } ] } diff --git a/2019/4xxx/CVE-2019-4547.json b/2019/4xxx/CVE-2019-4547.json index caab9d2f9b9..b0fcc1e6451 100644 --- a/2019/4xxx/CVE-2019-4547.json +++ b/2019/4xxx/CVE-2019-4547.json 
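Review bot: The added SUSE reference uses a plaintext `http://lists.opensuse.org/...` URL, while the neighbouring CONFIRM reference in this hunk is `https://`. An advisory link fetched over HTTP can be altered in transit, so if the list archive is served over TLS (it appears to be, but confirm) the entry should read `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"`. The same pattern recurs in the CVE-2020-15xxx hunks that follow, there with `msg00065.html`.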
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356607", - "name" : "https://www.ibm.com/support/pages/node/6356607", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6356607 (Security Directory Server)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949", - "name" : "ibm-sds-cve20194547-info-disc (165949)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.4.0" - } - ] - }, - "product_name" : "Security Directory Server" - } - ] - } + "value": "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. 
IBM X-Force ID: 165949.", + "lang": "eng" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356607", + "name": "https://www.ibm.com/support/pages/node/6356607", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356607 (Security Directory Server)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949", + "name": "ibm-sds-cve20194547-info-disc (165949)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + }, + "product_name": "Security Directory Server" + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "SCORE" : "5.300", - "AC" : "L", - "A" : "N", - "UI" : "N", - "S" : "U", - "I" : "N", - "AV" : "N", - "C" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "ID" : "CVE-2019-4547" - }, - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "SCORE": "5.300", + "AC": "L", + "A": "N", + "UI": "N", + "S": "U", + "I": "N", + "AV": "N", + "C": "L" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-10-28T00:00:00", + "ID": "CVE-2019-4547" + }, + "data_type": "CVE" +} \ No newline at end of file 
diff --git a/2019/4xxx/CVE-2019-4563.json b/2019/4xxx/CVE-2019-4563.json index 36fc8cf3825..234f0330ed0 100644 --- a/2019/4xxx/CVE-2019-4563.json +++ b/2019/4xxx/CVE-2019-4563.json 
@@ -1,90 +1,90 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6356607 (Security Directory Server)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6356607", - "name" : "https://www.ibm.com/support/pages/node/6356607" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sds-cve20194563-info-disc (166624)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Directory Server", - "version" : { - "version_data" : [ - { - "version_value" : "6.4.0" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6356607 (Security Directory Server)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6356607", + "name": "https://www.ibm.com/support/pages/node/6356607" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sds-cve20194563-info-disc (166624)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "I" : "N", - "AV" : "N", - "C" : "L", - "A" : "N", - "UI" : "N", - "AC" : "H", - "S" : "U", - "PR" : "N", - "SCORE" : "3.700" - } - } - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4563" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Directory Server", + "version": { + "version_data": [ + { + "version_value": "6.4.0" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "I": "N", + "AV": "N", + "C": "L", + "A": "N", + "UI": "N", + "AC": "H", + "S": "U", + "PR": "N", + "SCORE": "3.700" + } + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-28T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4563" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file 
diff --git a/2020/15xxx/CVE-2020-15190.json b/2020/15xxx/CVE-2020-15190.json index 4d75145f697..69b59e5bf80 100644 --- a/2020/15xxx/CVE-2020-15190.json +++ b/2020/15xxx/CVE-2020-15190.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15191.json b/2020/15xxx/CVE-2020-15191.json index 2f8b4540f82..bdceab9a0ef 100644 --- a/2020/15xxx/CVE-2020-15191.json +++ b/2020/15xxx/CVE-2020-15191.json @@ -94,6 +94,11 @@ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15192.json b/2020/15xxx/CVE-2020-15192.json index 8e92f95595e..e84ea5377e0 100644 --- a/2020/15xxx/CVE-2020-15192.json +++ b/2020/15xxx/CVE-2020-15192.json @@ -86,6 +86,11 @@ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15193.json b/2020/15xxx/CVE-2020-15193.json index eaf2acfcb23..2943e7e3b91 100644 --- a/2020/15xxx/CVE-2020-15193.json +++ b/2020/15xxx/CVE-2020-15193.json 
@@ -86,6 +86,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15194.json b/2020/15xxx/CVE-2020-15194.json index 873e58949cf..c27861ebb39 100644 --- a/2020/15xxx/CVE-2020-15194.json +++ b/2020/15xxx/CVE-2020-15194.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15195.json b/2020/15xxx/CVE-2020-15195.json index 27a1f76ae79..09764b50866 100644 --- a/2020/15xxx/CVE-2020-15195.json +++ b/2020/15xxx/CVE-2020-15195.json @@ -103,6 +103,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15202.json b/2020/15xxx/CVE-2020-15202.json index 9d7f63c9d9d..8db71c4621f 100644 --- a/2020/15xxx/CVE-2020-15202.json +++ b/2020/15xxx/CVE-2020-15202.json 
@@ -108,6 +108,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15203.json b/2020/15xxx/CVE-2020-15203.json index 421080960df..be6e4898340 100644 --- a/2020/15xxx/CVE-2020-15203.json +++ b/2020/15xxx/CVE-2020-15203.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15204.json b/2020/15xxx/CVE-2020-15204.json index 9babef0b34f..342980aa6ae 100644 --- a/2020/15xxx/CVE-2020-15204.json +++ b/2020/15xxx/CVE-2020-15204.json @@ -95,6 +95,11 @@ "name": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:1766", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15205.json b/2020/15xxx/CVE-2020-15205.json index 2d7aa7ef276..d11a5519a36 100644 --- a/2020/15xxx/CVE-2020-15205.json +++ b/2020/15xxx/CVE-2020-15205.json 
@@ -103,6 +103,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15206.json b/2020/15xxx/CVE-2020-15206.json
index 603fca189f4..fe7b833644e 100644
--- a/2020/15xxx/CVE-2020-15206.json
+++ b/2020/15xxx/CVE-2020-15206.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15207.json b/2020/15xxx/CVE-2020-15207.json
index 6ea2490baf6..21067fd9482 100644
--- a/2020/15xxx/CVE-2020-15207.json
+++ b/2020/15xxx/CVE-2020-15207.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15208.json b/2020/15xxx/CVE-2020-15208.json
index 379690dd478..fbfd53b8d4a 100644
--- a/2020/15xxx/CVE-2020-15208.json
+++ b/2020/15xxx/CVE-2020-15208.json
@@ -103,6 +103,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15209.json b/2020/15xxx/CVE-2020-15209.json
index c5aed6f5027..736967f1a08 100644
--- a/2020/15xxx/CVE-2020-15209.json
+++ b/2020/15xxx/CVE-2020-15209.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15210.json b/2020/15xxx/CVE-2020-15210.json
index 4321a64001e..e825062e261 100644
--- a/2020/15xxx/CVE-2020-15210.json
+++ b/2020/15xxx/CVE-2020-15210.json
@@ -95,6 +95,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15211.json b/2020/15xxx/CVE-2020-15211.json
index 51c53fa7c50..4526d71491a 100644
--- a/2020/15xxx/CVE-2020-15211.json
+++ b/2020/15xxx/CVE-2020-15211.json
@@ -128,6 +128,11 @@
 "name": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859",
 "refsource": "MISC",
 "url": "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1766",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
 }
 ]
 },
diff --git a/2020/27xxx/CVE-2020-27993.json b/2020/27xxx/CVE-2020-27993.json
new file mode 100644
index 00000000000..9d591db14dd
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27993.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-27993",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/48920",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/48920"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27994.json b/2020/27xxx/CVE-2020-27994.json
new file mode 100644
index 00000000000..7d9f2964863
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27994.json
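Review bot: In the new CVE-2020-27993 record, `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, although the description in the same file names Hrsale 2.0.0 and a directory traversal. Asset-matching and triage tooling that keys on `affects` or on the weakness class will not pick this entry up from the structured fields. Consider `"product_name": "Hrsale"`, `"version_value": "2.0.0"` and a problemtype value such as `"CWE-22"` (path traversal). The only reference is an exploit-db entry, so a vendor advisory or fix reference, if one exists, would give defenders something to act on. The CVE-2020-25780 and CVE-2020-27744 hunks in PATCH 03/17 leave the same fields as `"n/a"`.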
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-27994",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/4xxx/CVE-2020-4721.json b/2020/4xxx/CVE-2020-4721.json
index 201627782b8..74287497260 100644
--- a/2020/4xxx/CVE-2020-4721.json
+++ b/2020/4xxx/CVE-2020-4721.json
@@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4721" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "UI" : "R", - "S" : "U", - "PR" : "N", - "SCORE" : "7.800", - "I" : "H", - "AV" : "L", - "C" : "H" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analyst Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356497", - "name" : "https://www.ibm.com/support/pages/node/6356497", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-i2-cve20204721-bo (187868)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187868" - } - ] - } -} + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-28T00:00:00", + 
"STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4721" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "UI": "R", + "S": "U", + "PR": "N", + "SCORE": "7.800", + "I": "H", + "AV": "L", + "C": "H" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i2 Analyst Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-i2-cve20204721-bo (187868)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187868" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4722.json b/2020/4xxx/CVE-2020-4722.json index 6d84e6720ec..7d6aa021075 100644 --- a/2020/4xxx/CVE-2020-4722.json +++ b/2020/4xxx/CVE-2020-4722.json 
@@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "AV" : "L", - "I" : "H", - "SCORE" : "7.800", - "PR" : "N", - "S" : "U", - "UI" : "R", - "A" : "H", - "AC" : "L" - } - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2020-4722", - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356497", - "name" : "https://www.ibm.com/support/pages/node/6356497", - "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187870", - "name" : "ibm-i2-cve20204722-bo (187870)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "i2 Analyst Notebook", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.0" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "H", + "AV": "L", + "I": "H", + "SCORE": "7.800", + "PR": "N", + "S": "U", + "UI": "R", + "A": "H", + "AC": "L" } - ] - } - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
IBM X-Force ID: 187870.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2020-4722", + "DATE_PUBLIC": "2020-10-28T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187870", + "name": "ibm-i2-cve20204722-bo (187870)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i2 Analyst Notebook", + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4723.json b/2020/4xxx/CVE-2020-4723.json index d6c30950faa..3fb18d46437 100644 --- a/2020/4xxx/CVE-2020-4723.json +++ b/2020/4xxx/CVE-2020-4723.json 
@@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.2.0" - } - ] - }, - "product_name" : "i2 Analyst Notebook" - } - ] - } + "value": "IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
IBM X-Force ID: 187873.", + "lang": "eng" } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6356497", - "name" : "https://www.ibm.com/support/pages/node/6356497", - "title" : "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-i2-cve20204723-bo (187873)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/187873" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.2.1" + }, + { + "version_value": "9.2.0" + } + ] + }, + "product_name": "i2 Analyst Notebook" + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4723", - "DATE_PUBLIC" : "2020-10-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "PR" : "N", - "SCORE" : "7.800", - "AC" : "L", - "A" : "H", - "UI" : "R", - "S" : "U", - "I" : "H", - "C" : "H", - "AV" : "L" - } - } - }, - "data_format" : "MITRE" -} + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6356497", + "name": "https://www.ibm.com/support/pages/node/6356497", + "title": "IBM Security Bulletin 6356497 (i2 Analyst Notebook)", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-i2-cve20204723-bo (187873)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187873" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain 
Privileges", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4723", + "DATE_PUBLIC": "2020-10-28T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "PR": "N", + "SCORE": "7.800", + "AC": "L", + "A": "H", + "UI": "R", + "S": "U", + "I": "H", + "C": "H", + "AV": "L" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4864.json b/2020/4xxx/CVE-2020-4864.json index 06b12313dba..b1eabaf5b22 100644 --- a/2020/4xxx/CVE-2020-4864.json +++ b/2020/4xxx/CVE-2020-4864.json 
@@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "A", - "C" : "N", - "I" : "L", - "S" : "U", - "A" : "N", - "AC" : "L", - "UI" : "N", - "SCORE" : "4.300", - "PR" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4864", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-10-28T00:00:00" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Bypass Security", - "lang" : "eng" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6356441 (Resilient OnPrem)", - "name" : "https://www.ibm.com/support/pages/node/6356441", - "url" : "https://www.ibm.com/support/pages/node/6356441" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-resilient-cve20204864-spoofing (190567)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190567" - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Resilient OnPrem", - "version" : { - "version_data" : [ - { - "version_value" : "38" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "AV": "A", + "C": "N", + "I": "L", + "S": "U", + "A": "N", + "AC": "L", + "UI": "N", + "SCORE": "4.300", + "PR": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. 
IBM X-Force ID: 190567.", - "lang" : "eng" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4864", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-10-28T00:00:00" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Bypass Security", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6356441 (Resilient OnPrem)", + "name": "https://www.ibm.com/support/pages/node/6356441", + "url": "https://www.ibm.com/support/pages/node/6356441" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-resilient-cve20204864-spoofing (190567)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190567" + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Resilient OnPrem", + "version": { + "version_data": [ + { + "version_value": "38" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5931.json b/2020/5xxx/CVE-2020-5931.json index 64fc3e26c3f..0f430ce986f 100644 --- a/2020/5xxx/CVE-2020-5931.json +++ b/2020/5xxx/CVE-2020-5931.json 
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5931",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K25400442",
+ "url": "https://support.f5.com/csp/article/K25400442"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5932.json b/2020/5xxx/CVE-2020-5932.json
index 46153dffb0b..fc80172f02b 100644
--- a/2020/5xxx/CVE-2020-5932.json
+++ b/2020/5xxx/CVE-2020-5932.json
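Review bot: `vendor_name` is set to `"n/a"` in the added `affects` block even though the record's assigner is `f5sirt@f5.com` and the product is BIG-IP, so tooling that matches on vendor and product will not tie this entry to the vendor; `"vendor_name": "F5"` would fix that. The single `version_value` string packs five comma-separated ranges into free text, which a consumer has to parse before it can test whether a deployed version is affected; one `version_data` entry per branch would be machine-readable. The `problemtype` value is only `"DoS"`, where a CWE identifier would let the record be grouped by weakness class. The same three points apply to the CVE-2020-5932 through CVE-2020-5936 hunks that follow.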
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5932",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP ASM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K12002065",
+ "url": "https://support.f5.com/csp/article/K12002065"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5933.json b/2020/5xxx/CVE-2020-5933.json
index 9d029446011..2ce28f4b2f4 100644
--- a/2020/5xxx/CVE-2020-5933.json
+++ b/2020/5xxx/CVE-2020-5933.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5933",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K26244025",
+ "url": "https://support.f5.com/csp/article/K26244025"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5934.json b/2020/5xxx/CVE-2020-5934.json
index 5ed3926a61e..edf1c48226c 100644
--- a/2020/5xxx/CVE-2020-5934.json
+++ b/2020/5xxx/CVE-2020-5934.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5934",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K44808538",
+ "url": "https://support.f5.com/csp/article/K44808538"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5935.json b/2020/5xxx/CVE-2020-5935.json
index c4ed97db258..0cc34013f33 100644
--- a/2020/5xxx/CVE-2020-5935.json
+++ b/2020/5xxx/CVE-2020-5935.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5935",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K62830532",
+ "url": "https://support.f5.com/csp/article/K62830532"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5936.json b/2020/5xxx/CVE-2020-5936.json
index 53bc85b54b5..87596e299a6 100644
--- a/2020/5xxx/CVE-2020-5936.json
+++ b/2020/5xxx/CVE-2020-5936.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5936",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP LTM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K44020030",
+ "url": "https://support.f5.com/csp/article/K44020030"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile."
 }
 ]
 }
From 13038115ea29085cd6511c7a12ac49cadf1fbe5f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 29 Oct 2020 17:01:44 +0000
Subject: [PATCH 03/17] "-Synchronized-Data."
---
 2018/5xxx/CVE-2018-5950.json | 5 +++
 2020/14xxx/CVE-2020-14882.json | 5 +++
 2020/25xxx/CVE-2020-25780.json | 56 ++++++++++++++++++++++++++----
 2020/27xxx/CVE-2020-27744.json | 56 ++++++++++++++++++++++++++----
 2020/27xxx/CVE-2020-27995.json | 62 ++++++++++++++++++++++++++++++++++
 5 files changed, 172 insertions(+), 12 deletions(-)
 create mode 100644 2020/27xxx/CVE-2020-27995.json
diff --git a/2018/5xxx/CVE-2018-5950.json b/2018/5xxx/CVE-2018-5950.json
index 03ef66528cc..f91bd21110b 100644
--- a/2018/5xxx/CVE-2018-5950.json
+++ b/2018/5xxx/CVE-2018-5950.json
@@ -91,6 +91,11 @@
 "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update",
 "refsource": "MLIST",
 "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14882.json b/2020/14xxx/CVE-2020-14882.json
index 0ac78c260c1..495199dd693 100644
--- a/2020/14xxx/CVE-2020-14882.json
+++ b/2020/14xxx/CVE-2020-14882.json
@@ -80,6 +80,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25780.json b/2020/25xxx/CVE-2020-25780.json
index 930292ddc2e..7b9c988df37 100644
--- a/2020/25xxx/CVE-2020-25780.json
+++ b/2020/25xxx/CVE-2020-25780.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25780",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25780",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://kb.commvault.com/article/63264",
+ "refsource": "MISC",
+ "name": "http://kb.commvault.com/article/63264"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27744.json b/2020/27xxx/CVE-2020-27744.json
index c8e0bf9d234..2839215893f 100644
--- a/2020/27xxx/CVE-2020-27744.json
+++ b/2020/27xxx/CVE-2020-27744.json
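Review bot: Every field under `affects` in the CVE-2020-25780 record is `"n/a"`, and `problemtype` is `"n/a"` as well, although the description names the product (CommCell in Commvault), the fixed versions and the weakness class (Directory Traversal). Scanners and inventory tools that key on `vendor_name`, `product_name` and `version_value` cannot match this record, so the structured fields should carry what the prose already states, for example `"value": "CWE-22"` under `problemtype`. The same all-`n/a` pattern appears in the hunks for CVE-2020-27744, CVE-2020-27995, CVE-2020-27747, CVE-2020-27996, CVE-2020-27998, CVE-2020-27886 and CVE-2020-27887 later in this series.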
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27744",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27744",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114",
+ "refsource": "MISC",
+ "name": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27995.json b/2020/27xxx/CVE-2020-27995.json
new file mode 100644
index 00000000000..9ce973b84fe
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27995.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-27995",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14560"
+ }
+ ]
+ }
+}
\ No newline at end of file
From 87ad769cf569bb1419319f27b43caf9735015d54 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 29 Oct 2020 18:01:40 +0000
Subject: [PATCH 04/17] "-Synchronized-Data."
---
 2020/27xxx/CVE-2020-27747.json | 61 +++++++++++++++++++++++++---
 2020/27xxx/CVE-2020-27996.json | 67 +++++++++++++++++++++++++++++++
 2020/27xxx/CVE-2020-27997.json | 18 +++++++++
 2020/27xxx/CVE-2020-27998.json | 72 ++++++++++++++++++++++++++++++++++
 2020/27xxx/CVE-2020-27999.json | 18 +++++++++
 2020/28xxx/CVE-2020-28000.json | 18 +++++++++
 6 files changed, 248 insertions(+), 6 deletions(-)
 create mode 100644 2020/27xxx/CVE-2020-27996.json
 create mode 100644 2020/27xxx/CVE-2020-27997.json
 create mode 100644 2020/27xxx/CVE-2020-27998.json
 create mode 100644 2020/27xxx/CVE-2020-27999.json
 create mode 100644 2020/28xxx/CVE-2020-28000.json
diff --git a/2020/27xxx/CVE-2020-27747.json b/2020/27xxx/CVE-2020-27747.json
index 84fcd3d38e8..a0db21e5a34 100644
--- a/2020/27xxx/CVE-2020-27747.json
+++ b/2020/27xxx/CVE-2020-27747.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27747",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27747",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.clickstudios.com.au/",
+ "refsource": "MISC",
+ "name": "https://www.clickstudios.com.au/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/jet-pentest/CVE-2020-27747",
+ "url": "https://github.com/jet-pentest/CVE-2020-27747"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27996.json b/2020/27xxx/CVE-2020-27996.json
new file mode 100644
index 00000000000..82d9f7a1570
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27996.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-27996",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/smartstore/SmartStoreNET/commit/8702c6140f4fc91956ef35dba12d24492fb3f768",
+ "refsource": "MISC",
+ "name": "https://github.com/smartstore/SmartStoreNET/commit/8702c6140f4fc91956ef35dba12d24492fb3f768"
+ },
+ {
+ "url": "https://github.com/smartstore/SmartStoreNET/compare/4.0.0...4.0.1",
+ "refsource": "MISC",
+ "name": "https://github.com/smartstore/SmartStoreNET/compare/4.0.0...4.0.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27997.json b/2020/27xxx/CVE-2020-27997.json
new file mode 100644
index 00000000000..1d376aeb021
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27997.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-27997",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27998.json b/2020/27xxx/CVE-2020-27998.json
new file mode 100644
index 00000000000..f78593d04d8
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27998.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-27998",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/FastReports/FastReport/pull/206",
+ "refsource": "MISC",
+ "name": "https://github.com/FastReports/FastReport/pull/206"
+ },
+ {
+ "url": "https://opensource.fast-report.com/2020/09/report-script-security.html",
+ "refsource": "MISC",
+ "name": "https://opensource.fast-report.com/2020/09/report-script-security.html"
+ },
+ {
+ "url": "https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0",
+ "refsource": "MISC",
+ "name": "https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/27xxx/CVE-2020-27999.json b/2020/27xxx/CVE-2020-27999.json
new file mode 100644
index 00000000000..8304097b29d
--- /dev/null
+++ b/2020/27xxx/CVE-2020-27999.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-27999",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/28xxx/CVE-2020-28000.json b/2020/28xxx/CVE-2020-28000.json
new file mode 100644
index 00000000000..49dea86c271
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28000.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-28000",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From e6c3f52b9159b7ccffe8dd8ac70bb66b4a013041 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 29 Oct 2020 19:01:39 +0000
Subject: [PATCH 05/17] "-Synchronized-Data."
---
 2017/14xxx/CVE-2017-14245.json | 5 +++
 2017/14xxx/CVE-2017-14246.json | 5 +++
 2017/14xxx/CVE-2017-14634.json | 5 +++
 2017/6xxx/CVE-2017-6892.json | 5 +++
 2018/19xxx/CVE-2018-19661.json | 5 +++
 2018/19xxx/CVE-2018-19662.json | 5 +++
 2018/19xxx/CVE-2018-19758.json | 5 +++
 2019/16xxx/CVE-2019-16728.json | 5 +++
 2019/3xxx/CVE-2019-3832.json | 5 +++
 2020/25xxx/CVE-2020-25516.json | 5 +++
 2020/26xxx/CVE-2020-26870.json | 5 +++
 2020/27xxx/CVE-2020-27886.json | 66 ++++++++++++++++++++++++++++++----
 2020/27xxx/CVE-2020-27887.json | 66 ++++++++++++++++++++++++++++++----
 2020/27xxx/CVE-2020-27986.json | 2 +-
 14 files changed, 176 insertions(+), 13 deletions(-)
diff --git a/2017/14xxx/CVE-2017-14245.json b/2017/14xxx/CVE-2017-14245.json
index 0d1eacb9721..e7a459ae73c 100644
--- a/2017/14xxx/CVE-2017-14245.json
+++ b/2017/14xxx/CVE-2017-14245.json
@@ -71,6 +71,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-65",
 "url": "https://security.gentoo.org/glsa/202007-65"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14246.json b/2017/14xxx/CVE-2017-14246.json
index b331c6ea1ac..728b67b8989 100644
--- a/2017/14xxx/CVE-2017-14246.json
+++ b/2017/14xxx/CVE-2017-14246.json
@@ -71,6 +71,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-65",
 "url": "https://security.gentoo.org/glsa/202007-65"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14634.json b/2017/14xxx/CVE-2017-14634.json
index 6df03c802e3..fe74b260281 100644
--- a/2017/14xxx/CVE-2017-14634.json
+++ b/2017/14xxx/CVE-2017-14634.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6892.json b/2017/6xxx/CVE-2017-6892.json
index bfae48e5d0a..a05b3a4c9d2 100644
--- a/2017/6xxx/CVE-2017-6892.json
+++ b/2017/6xxx/CVE-2017-6892.json
@@ -76,6 +76,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19661.json b/2018/19xxx/CVE-2018-19661.json
index eedab28fde9..8514768169a 100644
--- a/2018/19xxx/CVE-2018-19661.json
+++ b/2018/19xxx/CVE-2018-19661.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19662.json b/2018/19xxx/CVE-2018-19662.json
index 7e5c9139e98..4a1751e6b73 100644
--- a/2018/19xxx/CVE-2018-19662.json
+++ b/2018/19xxx/CVE-2018-19662.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19758.json b/2018/19xxx/CVE-2018-19758.json
index b04cbdd8cc8..e716d7901df 100644
--- a/2018/19xxx/CVE-2018-19758.json
+++ b/2018/19xxx/CVE-2018-19758.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4013-1",
 "url": "https://usn.ubuntu.com/4013-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16728.json b/2019/16xxx/CVE-2019-16728.json
index c900155c41a..e20892c85c7 100644
--- a/2019/16xxx/CVE-2019-16728.json
+++ b/2019/16xxx/CVE-2019-16728.json
@@ -56,6 +56,11 @@
 "url": "https://research.securitum.com/dompurify-bypass-using-mxss/",
 "refsource": "MISC",
 "name": "https://research.securitum.com/dompurify-bypass-using-mxss/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3832.json b/2019/3xxx/CVE-2019-3832.json
index 65ba5729305..2023a3b1488 100644
--- a/2019/3xxx/CVE-2019-3832.json
+++ b/2019/3xxx/CVE-2019-3832.json
@@ -68,6 +68,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-65",
 "url": "https://security.gentoo.org/glsa/202007-65"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2418-1] libsndfile security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25516.json b/2020/25xxx/CVE-2020-25516.json
index c6f2c71f5cf..d6e2bd7352f 100644
--- a/2020/25xxx/CVE-2020-25516.json
+++ b/2020/25xxx/CVE-2020-25516.json
@@ -56,6 +56,11 @@
 "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0781",
 "refsource": "MISC",
 "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0781"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/piuppi/Proof-of-Concepts/blob/main/WSO2/CVE-2020-25516.md",
+ "url": "https://github.com/piuppi/Proof-of-Concepts/blob/main/WSO2/CVE-2020-25516.md"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26870.json b/2020/26xxx/CVE-2020-26870.json
index 020db4a7a0a..1c3ec698120 100644
--- a/2020/26xxx/CVE-2020-26870.json
+++ b/2020/26xxx/CVE-2020-26870.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17",
 "refsource": "MISC",
 "name": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27886.json b/2020/27xxx/CVE-2020-27886.json
index c990c301f94..957a6027084 100644
--- a/2020/27xxx/CVE-2020-27886.json
+++ b/2020/27xxx/CVE-2020-27886.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27886",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27886",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.eyesofnetwork.com/en",
+ "refsource": "MISC",
+ "name": "https://www.eyesofnetwork.com/en"
+ },
+ {
+ "url": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso",
+ "refsource": "MISC",
+ "name": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso"
+ },
+ {
+ "url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76",
+ "refsource": "MISC",
+ "name": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27887.json b/2020/27xxx/CVE-2020-27887.json
index 42d7063542c..f9c077548bc 100644
--- a/2020/27xxx/CVE-2020-27887.json
+++ b/2020/27xxx/CVE-2020-27887.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27887",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27887",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.eyesofnetwork.com/en",
+ "refsource": "MISC",
+ "name": "https://www.eyesofnetwork.com/en"
+ },
+ {
+ "url": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso",
+ "refsource": "MISC",
+ "name": "http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso"
+ },
+ {
+ "url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76",
+ "refsource": "MISC",
+ "name": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/76"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27986.json b/2020/27xxx/CVE-2020-27986.json
index 69379d83ab7..1e461a3a3ac 100644
--- a/2020/27xxx/CVE-2020-27986.json
+++ b/2020/27xxx/CVE-2020-27986.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is \"it is the administrator's responsibility to configure it.\""
+ "value": "** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is \"it is the administrator's responsibility to configure it.\""
 }
 ]
 },
From aa129500f5da67c2d39cdc5c9a9bea8fd66fe2c4 Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Thu, 29 Oct 2020 13:48:10 -0600
Subject: [PATCH 06/17] Add CVE-2020-26205 per request from maintainer
---
 2020/26xxx/CVE-2020-26205.json | 85 +++++++++++++++++++++++++++++++---
 1 file changed, 79 insertions(+), 6 deletions(-)
diff --git a/2020/26xxx/CVE-2020-26205.json b/2020/26xxx/CVE-2020-26205.json
index 9d2e89944a1..8f1971f0977 100644
--- a/2020/26xxx/CVE-2020-26205.json
+++ b/2020/26xxx/CVE-2020-26205.json
@@ -1,18 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-26205",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "XSS in Sal"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sal",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "4.1.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "salopensource"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/salopensource/sal/pull/405",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/salopensource/sal/pull/405"
+ },
+ {
+ "name": "https://github.com/salopensource/sal/commit/145bb72daf8460bdedbbc9fb708d346283e7a568",
+ "refsource": "MISC",
+ "url": "https://github.com/salopensource/sal/commit/145bb72daf8460bdedbbc9fb708d346283e7a568"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
From 8109c9fbb2f65e49d308cc971cb20bd8c996cfbd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 29 Oct 2020 20:01:56 +0000
Subject: [PATCH 07/17] "-Synchronized-Data."
---
 2019/11xxx/CVE-2019-11057.json | 5 +++
 2019/20xxx/CVE-2019-20363.json | 5 +++
 2019/20xxx/CVE-2019-20364.json | 5 +++
 2019/20xxx/CVE-2019-20365.json | 5 +++
 2019/20xxx/CVE-2019-20366.json | 5 +++
 2020/14xxx/CVE-2020-14323.json | 55 +++++++++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14723.json | 5 +++
 2020/24xxx/CVE-2020-24408.json | 2 +-
 2020/24xxx/CVE-2020-24601.json | 5 +++
 2020/25xxx/CVE-2020-25646.json | 60 ++++++++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27654.json | 7 +++-
 2020/5xxx/CVE-2020-5504.json | 5 +++
 12 files changed, 156 insertions(+), 8 deletions(-)
diff --git a/2019/11xxx/CVE-2019-11057.json b/2019/11xxx/CVE-2019-11057.json
index c90d3d635bb..0a45a22d0e1 100644
--- a/2019/11xxx/CVE-2019-11057.json
+++ b/2019/11xxx/CVE-2019-11057.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://medium.com/@mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c",
 "url": "https://medium.com/@mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20363.json b/2019/20xxx/CVE-2019-20363.json
index 59451614c83..46005e06c9c 100644
--- a/2019/20xxx/CVE-2019-20363.json
+++ b/2019/20xxx/CVE-2019-20363.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20363-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20363-openfire.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20364.json b/2019/20xxx/CVE-2019-20364.json
index 542bef49538..ce7d9eda741 100644
--- a/2019/20xxx/CVE-2019-20364.json
+++ b/2019/20xxx/CVE-2019-20364.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20364-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20364-openfire.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20365.json b/2019/20xxx/CVE-2019-20365.json
index ff164210afd..e2c6e88c503 100644
--- a/2019/20xxx/CVE-2019-20365.json
+++ b/2019/20xxx/CVE-2019-20365.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20365-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20365-openfire.html"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20366.json b/2019/20xxx/CVE-2019-20366.json
index ad02dba39f1..fb2b73daf5b 100644
--- a/2019/20xxx/CVE-2019-20366.json
+++ b/2019/20xxx/CVE-2019-20366.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/igniterealtime/Openfire/pull/1561",
 "refsource": "MISC",
 "name": "https://github.com/igniterealtime/Openfire/pull/1561"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cybersecurityworks.com/zerodays/cve-2019-20366-openfire.html",
+ "url": "https://cybersecurityworks.com/zerodays/cve-2019-20366-openfire.html"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14323.json b/2020/14xxx/CVE-2020-14323.json
index 5eef6ad5dc9..249fde745c0 100644
--- a/2020/14xxx/CVE-2020-14323.json
+++ b/2020/14xxx/CVE-2020-14323.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14323",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samba",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All samba versions before 4.11.15, before 4.12.9 and before 4.13.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-170"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.samba.org/samba/security/CVE-2020-14323.html",
+ "url": "https://www.samba.org/samba/security/CVE-2020-14323.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14723.json b/2020/14xxx/CVE-2020-14723.json
index a8521dd1993..2cc9a41dce6 100644
--- a/2020/14xxx/CVE-2020-14723.json
+++ b/2020/14xxx/CVE-2020-14723.json
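Review bot: `problemtype` for CVE-2020-14323 is `CWE-170` (Improper Null Termination) while the new description calls the flaw a null pointer dereference, which is normally classified as CWE-476; one of the two should be checked so the weakness class and the prose agree. `"vendor_name": "n/a"` sits next to `"product_name": "Samba"`, and `version_value` is a sentence ("All samba versions before 4.11.15, before 4.12.9 and before 4.13.1") rather than one entry per fixed branch, which makes automated version matching unreliable. The record's first lines are outside the hunk.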
@@ -68,6 +68,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2020-14723-oracle.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2020-14723-oracle.html" } ] } diff --git a/2020/24xxx/CVE-2020-24408.json b/2020/24xxx/CVE-2020-24408.json index 605f522b531..e69d3ebfe1f 100644 --- a/2020/24xxx/CVE-2020-24408.json +++ b/2020/24xxx/CVE-2020-24408.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file." + "value": "New description: Magento versions 2.4.0 and 2.3.5p2 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file." } ] }, diff --git a/2020/24xxx/CVE-2020-24601.json b/2020/24xxx/CVE-2020-24601.json index ce9952e236d..2cb688bad04 100644 --- a/2020/24xxx/CVE-2020-24601.json +++ b/2020/24xxx/CVE-2020-24601.json @@ -56,6 +56,11 @@ "url": "https://issues.igniterealtime.org/browse/OF-1963", "refsource": "MISC", "name": "https://issues.igniterealtime.org/browse/OF-1963" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.html" } ] } 
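Review bot: The replacement description `value` in the CVE-2020-24408 hunk begins with the literal text `New description: `, which looks like an editing instruction pasted into the record rather than part of the advisory. Downstream feeds publish this string verbatim, so the prefix should be dropped and the value should start at `"value": "Magento versions 2.4.0 and 2.3.5p2 (and earlier) are affected by ...`. The same sentence says "users" perform the upload while the attacker is described as unauthenticated; it is worth confirming which privilege level is meant, since that drives triage.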
diff --git a/2020/25xxx/CVE-2020-25646.json b/2020/25xxx/CVE-2020-25646.json index c5bbe81a4f4..92e821afbd3 100644 --- a/2020/25xxx/CVE-2020-25646.json +++ b/2020/25xxx/CVE-2020-25646.json @@ -4,15 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ansible Community", + "product": { + "product_data": [ + { + "product_name": "Community Collections", + "version": { + "version_data": [ + { + "version_value": "from 1.0.0 to 1.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-117" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ansible-collections/community.crypto/commit/233d1afc296f6770e905a1785ee2f35af7605e43", + "refsource": "MISC", + "name": "https://github.com/ansible-collections/community.crypto/commit/233d1afc296f6770e905a1785ee2f35af7605e43" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality" } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27654.json b/2020/27xxx/CVE-2020-27654.json index 28008c35eba..793669aa9e6 100644 --- a/2020/27xxx/CVE-2020-27654.json +++ b/2020/27xxx/CVE-2020-27654.json 
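Review bot: In the `impact` block added for CVE-2020-25646, the `vectorString` carries a `CVSS:3.1` prefix with the base score `7.5/` prepended, while the sibling field says `"version": "3.0"`; a parser that validates the vector will reject it or record the wrong version. Suggest `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"` with `"version": "3.1"`, and the score kept out of the vector. The `problemtype` value `CWE-117` describes log injection, whereas the description is about a private key being written to logs, which reads more like CWE-532; the `AV:N/PR:N` metrics also deserve a second look for a flaw that needs access to those logs. `product_name` is "Community Collections" while the description names community.crypto, so the two should be aligned.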
@@ -65,7 +65,12 @@ "name": "https://www.synology.com/security/advisory/Synology_SA_20_14", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_14" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065" } ] } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5504.json b/2020/5xxx/CVE-2020-5504.json index f4a028a29d1..fe907667d1c 100644 --- a/2020/5xxx/CVE-2020-5504.json +++ b/2020/5xxx/CVE-2020-5504.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html" } ] } From e7b15410f2e4c00a65cbab5466b56049c8136a4b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 29 Oct 2020 20:02:30 +0000 Subject: [PATCH 08/17] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20439.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/20xxx/CVE-2019-20439.json b/2019/20xxx/CVE-2019-20439.json index 87a6fb80216..0e51f35cf8a 100644 --- a/2019/20xxx/CVE-2019-20439.json +++ b/2019/20xxx/CVE-2019-20439.json @@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/21", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/21" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20439-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20439-wso2.html" } ] }, From 11288f2ccb926de83fb0ca528acb7445d7b301de Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 29 Oct 2020 21:01:39 +0000 Subject: [PATCH 09/17] "-Synchronized-Data." --- 2016/11xxx/CVE-2016-11014.json | 5 +++ 2016/11xxx/CVE-2016-11015.json | 5 +++ 2017/14xxx/CVE-2017-14651.json | 5 +++ 2018/18xxx/CVE-2018-18809.json | 5 +++ 2018/20xxx/CVE-2018-20432.json | 5 +++ 2019/19xxx/CVE-2019-19306.json | 5 +++ 2019/20xxx/CVE-2019-20434.json | 5 +++ 2019/20xxx/CVE-2019-20435.json | 5 +++ 2019/20xxx/CVE-2019-20436.json | 5 +++ 2019/20xxx/CVE-2019-20437.json | 5 +++ 2019/20xxx/CVE-2019-20438.json | 5 +++ 2019/20xxx/CVE-2019-20440.json | 5 +++ 2019/20xxx/CVE-2019-20441.json | 5 +++ 2019/20xxx/CVE-2019-20442.json | 5 +++ 2019/20xxx/CVE-2019-20443.json | 5 +++ 2020/27xxx/CVE-2020-27648.json | 7 +++- 2020/27xxx/CVE-2020-27649.json | 7 +++- 2020/27xxx/CVE-2020-27651.json | 7 +++- 2020/27xxx/CVE-2020-27885.json | 61 ++++++++++++++++++++++++++++++---- 19 files changed, 148 insertions(+), 9 deletions(-) diff --git a/2016/11xxx/CVE-2016-11014.json b/2016/11xxx/CVE-2016-11014.json index 6d9ebc08d81..e9d45fa58b7 100644 --- a/2016/11xxx/CVE-2016-11014.json +++ b/2016/11xxx/CVE-2016-11014.json @@ -71,6 +71,11 @@ "url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html", "refsource": "MISC", "name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html" } ] } diff --git a/2016/11xxx/CVE-2016-11015.json b/2016/11xxx/CVE-2016-11015.json index b1e764831b4..400cad9bf5f 100644 --- a/2016/11xxx/CVE-2016-11015.json +++ b/2016/11xxx/CVE-2016-11015.json 
@@ -71,6 +71,11 @@ "url": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/", "refsource": "MISC", "name": "https://pmcg2k15.wordpress.com/2016/01/11/fd-cross-site-request-forgery-in-netgear-router-jnr1010-version-1-0-0-24/" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2016-11015-netgear.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2016-11015-netgear.html" } ] } diff --git a/2017/14xxx/CVE-2017-14651.json b/2017/14xxx/CVE-2017-14651.json index cf316525daf..564a680d9a4 100644 --- a/2017/14xxx/CVE-2017-14651.json +++ b/2017/14xxx/CVE-2017-14651.json @@ -61,6 +61,11 @@ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265", "refsource": "MISC", "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html" } ] } diff --git a/2018/18xxx/CVE-2018-18809.json b/2018/18xxx/CVE-2018-18809.json index fd29bde83fc..3b5b7e25463 100644 --- a/2018/18xxx/CVE-2018-18809.json +++ b/2018/18xxx/CVE-2018-18809.json @@ -227,6 +227,11 @@ "refsource": "MISC", "name": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html", "url": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html" } ] }, diff --git a/2018/20xxx/CVE-2018-20432.json b/2018/20xxx/CVE-2018-20432.json index f8d049f1eba..25e47c6b661 100644 --- a/2018/20xxx/CVE-2018-20432.json +++ b/2018/20xxx/CVE-2018-20432.json 
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109", "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html" } ] } diff --git a/2019/19xxx/CVE-2019-19306.json b/2019/19xxx/CVE-2019-19306.json index 61e984cf0a3..96897cd9276 100644 --- a/2019/19xxx/CVE-2019-19306.json +++ b/2019/19xxx/CVE-2019-19306.json @@ -66,6 +66,11 @@ "url": "https://wordpress.org/plugins/zoho-crm-forms/#developers", "refsource": "MISC", "name": "https://wordpress.org/plugins/zoho-crm-forms/#developers" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-19306-zoho.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-19306-zoho.html" } ] } diff --git a/2019/20xxx/CVE-2019-20434.json b/2019/20xxx/CVE-2019-20434.json index 98f504522cc..368c71505d8 100644 --- a/2019/20xxx/CVE-2019-20434.json +++ b/2019/20xxx/CVE-2019-20434.json @@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/17", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/17" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20434-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20434-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20435.json b/2019/20xxx/CVE-2019-20435.json index c4d7f4672f4..d92c386b0c9 100644 --- a/2019/20xxx/CVE-2019-20435.json +++ b/2019/20xxx/CVE-2019-20435.json 
@@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/18", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/18" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20435-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20435-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20436.json b/2019/20xxx/CVE-2019-20436.json index 48e9bf4e149..509ad709e19 100644 --- a/2019/20xxx/CVE-2019-20436.json +++ b/2019/20xxx/CVE-2019-20436.json @@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/19", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/19" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20437.json b/2019/20xxx/CVE-2019-20437.json index dc7aac9b011..6f66f161b26 100644 --- a/2019/20xxx/CVE-2019-20437.json +++ b/2019/20xxx/CVE-2019-20437.json @@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/20", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/20" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20438.json b/2019/20xxx/CVE-2019-20438.json index 7210c6c2d89..09c2e295336 100644 --- a/2019/20xxx/CVE-2019-20438.json +++ b/2019/20xxx/CVE-2019-20438.json 
@@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/22", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/22" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20438-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20438-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20440.json b/2019/20xxx/CVE-2019-20440.json index 61a0ce6d5db..f30ac0219b1 100644 --- a/2019/20xxx/CVE-2019-20440.json +++ b/2019/20xxx/CVE-2019-20440.json @@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/24", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/24" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20440-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20440-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20441.json b/2019/20xxx/CVE-2019-20441.json index c741b495e74..b2d052ecbbe 100644 --- a/2019/20xxx/CVE-2019-20441.json +++ b/2019/20xxx/CVE-2019-20441.json @@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/23", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/23" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20441-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20441-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20442.json b/2019/20xxx/CVE-2019-20442.json index 28f0297aa0b..9cf5a9e4c3d 100644 --- a/2019/20xxx/CVE-2019-20442.json +++ b/2019/20xxx/CVE-2019-20442.json 
@@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/25", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/25" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20442-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20442-wso2.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20443.json b/2019/20xxx/CVE-2019-20443.json index 1797e791e15..b36bdb13811 100644 --- a/2019/20xxx/CVE-2019-20443.json +++ b/2019/20xxx/CVE-2019-20443.json @@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/26", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/26" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2019-20443-wso2.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2019-20443-wso2.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27648.json b/2020/27xxx/CVE-2020-27648.json index 0c052dd4d64..d791d8374b3 100644 --- a/2020/27xxx/CVE-2020-27648.json +++ b/2020/27xxx/CVE-2020-27648.json @@ -65,7 +65,12 @@ "name": "https://www.synology.com/security/advisory/Synology_SA_20_18", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_18" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27649.json b/2020/27xxx/CVE-2020-27649.json index cc998ec8c8f..e2f8271ecdd 100644 --- a/2020/27xxx/CVE-2020-27649.json +++ b/2020/27xxx/CVE-2020-27649.json 
@@ -65,7 +65,12 @@ "name": "https://www.synology.com/security/advisory/Synology_SA_20_14", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_14" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1058" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27651.json b/2020/27xxx/CVE-2020-27651.json index 67669ebd4e9..978afa61106 100644 --- a/2020/27xxx/CVE-2020-27651.json +++ b/2020/27xxx/CVE-2020-27651.json @@ -65,7 +65,12 @@ "name": "https://www.synology.com/security/advisory/Synology_SA_20_14", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_14" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27885.json b/2020/27xxx/CVE-2020-27885.json index 5db9ac52cbd..e265f807b35 100644 --- a/2020/27xxx/CVE-2020-27885.json +++ b/2020/27xxx/CVE-2020-27885.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27885", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27885", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user\u2019s session by stealing cookies which means that a malicious hacker can change the logged-in user\u2019s password and invalidate the session of the victim while the hacker maintains access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/2020+Advisories", + "url": "https://docs.wso2.com/display/Security/2020+Advisories" + }, + { + "refsource": "MISC", + "name": "https://www.rodrigofavarini.com.br/cybersecurity/multiple-xss-on-api-manager-3-1-0/", + "url": "https://www.rodrigofavarini.com.br/cybersecurity/multiple-xss-on-api-manager-3-1-0/" } ] } From b3c3c1fca640a80777b78f153662aa1ebca270d2 Mon Sep 17 00:00:00 2001 
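Review bot: The new `affects` block for CVE-2020-27885 sets `vendor_name`, `product_name` and `version_value` to `n/a` even though the description added in the same hunk names WSO2 API Manager 3.1.0, so consumers that match on the structured fields will not associate this record with the product. Filling them from the description (`"vendor_name": "WSO2"`, `"product_name": "API Manager"`, `"version_value": "3.1.0"`) keeps the two in agreement. `problemtype` is likewise `n/a` where the description states cross-site scripting, for which `CWE-79` is the usual entry. The description also does not say whether the XSS is stored or reflected or which component is affected, which defenders need to scope the fix.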
From: CVE Team Date: Thu, 29 Oct 2020 21:02:13 +0000 Subject: [PATCH 10/17] "-Synchronized-Data." --- 2016/11xxx/CVE-2016-11016.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2016/11xxx/CVE-2016-11016.json b/2016/11xxx/CVE-2016-11016.json index a8e7bb5ff30..10964e1eb6e 100644 --- a/2016/11xxx/CVE-2016-11016.json +++ b/2016/11xxx/CVE-2016-11016.json @@ -76,6 +76,11 @@ "url": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html", "refsource": "MISC", "name": "https://khalil-shreateh.com/khalil.shtml/it-highlights/592-Netgear-1.0.0.24-Cross-Site-Request-Forgery--.html" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2016-11016-netgear.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2016-11016-netgear.html" } ] } From bfc351a08f2612aee287e9011f83412af1c98758 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 29 Oct 2020 22:01:42 +0000 Subject: [PATCH 11/17] "-Synchronized-Data." --- 2015/8xxx/CVE-2015-8606.json | 5 +++++ 2015/8xxx/CVE-2015-8766.json | 5 +++++ 2015/9xxx/CVE-2015-9228.json | 5 +++++ 2015/9xxx/CVE-2015-9229.json | 5 +++++ 2015/9xxx/CVE-2015-9230.json | 5 +++++ 2015/9xxx/CVE-2015-9260.json | 5 +++++ 2015/9xxx/CVE-2015-9410.json | 5 +++++ 2015/9xxx/CVE-2015-9537.json | 5 +++++ 2015/9xxx/CVE-2015-9538.json | 5 +++++ 2015/9xxx/CVE-2015-9539.json | 5 +++++ 2015/9xxx/CVE-2015-9549.json | 5 +++++ 2017/14xxx/CVE-2017-14530.json | 5 +++++ 2020/27xxx/CVE-2020-27652.json | 7 ++++++- 2020/27xxx/CVE-2020-27653.json | 7 ++++++- 2020/27xxx/CVE-2020-27654.json | 5 +++++ 2020/27xxx/CVE-2020-27658.json | 7 ++++++- 16 files changed, 83 insertions(+), 3 deletions(-) diff --git a/2015/8xxx/CVE-2015-8606.json b/2015/8xxx/CVE-2015-8606.json index 36a9b5fcb07..b9313fb7ac8 100644 --- a/2015/8xxx/CVE-2015-8606.json +++ b/2015/8xxx/CVE-2015-8606.json 
@@ -76,6 +76,11 @@ "name": "20151213 SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Dec/55" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html" } ] } diff --git a/2015/8xxx/CVE-2015-8766.json b/2015/8xxx/CVE-2015-8766.json index a38ef7bf2f2..344999461cb 100644 --- a/2015/8xxx/CVE-2015-8766.json +++ b/2015/8xxx/CVE-2015-8766.json @@ -66,6 +66,11 @@ "name": "20151213 Symphony 2.6.3 \u00c3\u00a2\u00e2\u0082\u00ac\u00e2\u0080\u009c Multiple Persistent Cross-Site Scripting Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Dec/60" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html" } ] } diff --git a/2015/9xxx/CVE-2015-9228.json b/2015/9xxx/CVE-2015-9228.json index d624b112acc..af465f06f36 100644 --- a/2015/9xxx/CVE-2015-9228.json +++ b/2015/9xxx/CVE-2015-9228.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/9758", "url": "https://wpvulndb.com/vulnerabilities/9758" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html" } ] } diff --git a/2015/9xxx/CVE-2015-9229.json b/2015/9xxx/CVE-2015-9229.json index f532f9cb148..db11b5b66a5 100644 --- a/2015/9xxx/CVE-2015-9229.json +++ b/2015/9xxx/CVE-2015-9229.json 
@@ -56,6 +56,11 @@ "name": "https://github.com/cybersecurityworks/Disclosed/issues/5", "refsource": "MISC", "url": "https://github.com/cybersecurityworks/Disclosed/issues/5" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9229-nextgen-gallery.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9229-nextgen-gallery.html" } ] } diff --git a/2015/9xxx/CVE-2015-9230.json b/2015/9xxx/CVE-2015-9230.json index 61c3bf52dd1..1f6a1bf4ed3 100644 --- a/2015/9xxx/CVE-2015-9230.json +++ b/2015/9xxx/CVE-2015-9230.json @@ -81,6 +81,11 @@ "name": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html" } ] } diff --git a/2015/9xxx/CVE-2015-9260.json b/2015/9xxx/CVE-2015-9260.json index c74badd42b9..5b4003fbf62 100644 --- a/2015/9xxx/CVE-2015-9260.json +++ b/2015/9xxx/CVE-2015-9260.json @@ -66,6 +66,11 @@ "name": "https://github.com/cybersecurityworks/Disclosed/issues/8", "refsource": "MISC", "url": "https://github.com/cybersecurityworks/Disclosed/issues/8" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html" } ] } diff --git a/2015/9xxx/CVE-2015-9410.json b/2015/9xxx/CVE-2015-9410.json index c72a09857c7..00d2e46e084 100644 --- a/2015/9xxx/CVE-2015-9410.json +++ b/2015/9xxx/CVE-2015-9410.json 
@@ -61,6 +61,11 @@ "url": "https://github.com/cybersecurityworks/Disclosed/issues/7", "refsource": "MISC", "name": "https://github.com/cybersecurityworks/Disclosed/issues/7" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html" } ] } diff --git a/2015/9xxx/CVE-2015-9537.json b/2015/9xxx/CVE-2015-9537.json index 85c2dd48b8e..a30ab45678c 100644 --- a/2015/9xxx/CVE-2015-9537.json +++ b/2015/9xxx/CVE-2015-9537.json @@ -66,6 +66,11 @@ "url": "https://www.openwall.com/lists/oss-security/2015/10/27/4", "refsource": "MISC", "name": "https://www.openwall.com/lists/oss-security/2015/10/27/4" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html" } ] } diff --git a/2015/9xxx/CVE-2015-9538.json b/2015/9xxx/CVE-2015-9538.json index d6c95d5170b..9ba80104fc2 100644 --- a/2015/9xxx/CVE-2015-9538.json +++ b/2015/9xxx/CVE-2015-9538.json @@ -81,6 +81,11 @@ "url": "https://www.openwall.com/lists/oss-security/2015/09/01/7", "refsource": "MISC", "name": "https://www.openwall.com/lists/oss-security/2015/09/01/7" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html" } ] } diff --git a/2015/9xxx/CVE-2015-9539.json b/2015/9xxx/CVE-2015-9539.json index aa17ff3ea44..0ccd1c5debc 100644 --- a/2015/9xxx/CVE-2015-9539.json +++ b/2015/9xxx/CVE-2015-9539.json 
@@ -66,6 +66,11 @@ "url": "https://github.com/amansaini/fast-secure-contact-form", "refsource": "MISC", "name": "https://github.com/amansaini/fast-secure-contact-form" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9539-fastsecure.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9539-fastsecure.html" } ] } diff --git a/2015/9xxx/CVE-2015-9549.json b/2015/9xxx/CVE-2015-9549.json index 074a252009c..47f1d0b23c4 100644 --- a/2015/9xxx/CVE-2015-9549.json +++ b/2015/9xxx/CVE-2015-9549.json @@ -61,6 +61,11 @@ "url": "https://www.openwall.com/lists/oss-security/2015/12/19/2", "refsource": "MISC", "name": "https://www.openwall.com/lists/oss-security/2015/12/19/2" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2015-9549-ocportal.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2015-9549-ocportal.html" } ] } diff --git a/2017/14xxx/CVE-2017-14530.json b/2017/14xxx/CVE-2017-14530.json index cb78b09cefe..f8c3eea7ad4 100644 --- a/2017/14xxx/CVE-2017-14530.json +++ b/2017/14xxx/CVE-2017-14530.json @@ -61,6 +61,11 @@ "name": "https://github.com/cybersecurityworks/Disclosed/issues/9", "refsource": "MISC", "url": "https://github.com/cybersecurityworks/Disclosed/issues/9" + }, + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2017-14530-crony.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2017-14530-crony.html" } ] } diff --git a/2020/27xxx/CVE-2020-27652.json b/2020/27xxx/CVE-2020-27652.json index 3d2b134fbfc..e410b6ad5fd 100644 --- a/2020/27xxx/CVE-2020-27652.json +++ b/2020/27xxx/CVE-2020-27652.json 
@@ -65,7 +65,12 @@ "name": "https://www.synology.com/security/advisory/Synology_SA_20_18", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_18" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27653.json b/2020/27xxx/CVE-2020-27653.json index c89d9825353..ddf1497dec6 100644 --- a/2020/27xxx/CVE-2020-27653.json +++ b/2020/27xxx/CVE-2020-27653.json @@ -65,7 +65,12 @@ "name": "https://www.synology.com/security/advisory/Synology_SA_20_14", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_14" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27654.json b/2020/27xxx/CVE-2020-27654.json index 793669aa9e6..fb1766282d6 100644 --- a/2020/27xxx/CVE-2020-27654.json +++ b/2020/27xxx/CVE-2020-27654.json @@ -70,6 +70,11 @@ "refsource": "MISC", "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1064" } ] } diff --git a/2020/27xxx/CVE-2020-27658.json b/2020/27xxx/CVE-2020-27658.json index f517c579105..08234bce1bf 100644 --- a/2020/27xxx/CVE-2020-27658.json +++ b/2020/27xxx/CVE-2020-27658.json 
@@ -65,7 +65,12 @@ "name": "https://www.synology.com/security/advisory/Synology_SA_20_14", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_14" + }, + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1086" } ] } -} +} \ No newline at end of file From aa73ab0d10b4997a36a56892801390ef0b85eec9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 29 Oct 2020 23:01:38 +0000 Subject: [PATCH 12/17] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13957.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2020/13xxx/CVE-2020-13957.json b/2020/13xxx/CVE-2020-13957.json index 5b77f46c872..ea2b7c711ad 100644 --- a/2020/13xxx/CVE-2020-13957.json +++ b/2020/13xxx/CVE-2020-13957.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20201023-0002/", "url": "https://security.netapp.com/advisory/ntap-20201023-0002/" + }, + { + "refsource": "MLIST", + "name": "[lucene-issues] 20201029 [jira] [Commented] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented", + "url": "https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E" } ] }, From 99ab17ac3f032a7a0a22c22f5ac5a499c0423662 Mon Sep 17 00:00:00 2001 From: jpattrendmicro Date: Thu, 29 Oct 2020 16:13:01 -0700 Subject: [PATCH 13/17] Trend Micro 10/29/2020 --- 2020/27xxx/CVE-2020-27014.json | 79 ++++++++++++++++++++++++++-------- 2020/27xxx/CVE-2020-27015.json | 79 ++++++++++++++++++++++++++-------- 2 files changed, 124 insertions(+), 34 deletions(-) diff --git a/2020/27xxx/CVE-2020-27014.json b/2020/27xxx/CVE-2020-27014.json index 096fae1f68f..7ee0300c8e6 100644 --- a/2020/27xxx/CVE-2020-27014.json +++ b/2020/27xxx/CVE-2020-27014.json 
@@ -1,18 +1,63 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-27014",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
\ No newline at end of file
+ "CVE_data_meta" : {
+ "ASSIGNER" : "security@trendmicro.com",
+ "ID" : "CVE-2020-27014",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Trend Micro Antivirus for Mac (Consumer)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2020 (v10.x) and below"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Trend Micro"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Race Condition"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"
+ },
+ {
+ "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"
+ }
+ ]
+ }
+}
diff --git a/2020/27xxx/CVE-2020-27015.json b/2020/27xxx/CVE-2020-27015.json
index 944422db8ad..ee59145a308 100644
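Review bot: The added `description` value reads "could allow an attacker to case a kernel panic or crash", which should be `to cause a kernel panic or crash`; as published CVE text, the typo will propagate to every downstream feed. The same string embeds a mixed `\n\n\r\n` run before "An attacker must first obtain", which consumers will render as stray blank lines; a single space or one `\n` is enough. Both `reference_data` entries carry only `url`, whereas other records in this patch series also set `refsource` and `name`. The line-ending and reference points apply equally to the CVE-2020-27015 hunk that follows.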
--- a/2020/27xxx/CVE-2020-27015.json +++ b/2020/27xxx/CVE-2020-27015.json @@ -1,18 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-27015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2020-27015", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Antivirus for Mac (Consumer)", + "version" : { + "version_data" : [ + { + "version_value" : "2020 (v10.x) and below" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland.\r\n\r\n\n\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975" + }, + { + "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/" + } + ] + } +} From 561b5d222b1aea514fec02d335b313efc82c23c7 Mon Sep 17 00:00:00 2001 
From: Ikuya Fukumoto Date: Fri, 30 Oct 2020 12:19:32 +0900 Subject: [PATCH 14/17] JPCERT/CC 2020-10-30-12-14 --- 2020/5xxx/CVE-2020-5652.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5653.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5654.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5655.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5656.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5657.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5658.json | 53 ++++++++++++++++++++++++++++++++++-- 7 files changed, 350 insertions(+), 21 deletions(-) diff --git a/2020/5xxx/CVE-2020-5652.json b/2020/5xxx/CVE-2020-5652.json index 51ff3e4af6a..85be43102da 100644 --- a/2020/5xxx/CVE-2020-5652.json +++ b/2020/5xxx/CVE-2020-5652.json 
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5652",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELSEC iQ-R, Q and L series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier, Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, and L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-013.pdf"
+ },
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-013_en.pdf"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU96558207/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition ."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5653.json b/2020/5xxx/CVE-2020-5653.json
index 3d1224a255e..e64cf01bef2 100644
--- a/2020/5xxx/CVE-2020-5653.json
+++ b/2020/5xxx/CVE-2020-5653.json
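Review bot: `CVE_data_meta` on the new side no longer has a `STATE` member: the hunk removes `"STATE": "RESERVED"` and adds nothing in its place, while the Trend Micro and Snyk records in this series set `"STATE": "PUBLIC"`. Tooling that filters on `STATE` may treat the entry as unpublished or malformed, so I would add `"STATE": "PUBLIC"` after the `ASSIGNER` line. The same omission is in the CVE-2020-5653 through CVE-2020-5658 hunks. Separately, the description has stray spaces before punctuation (`earlier ,` and `condition .`). The hunk starts at line 4 of the file, so the top of the record is not visible here.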
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5653",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELSEC iQ-R series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
+ },
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5654.json b/2020/5xxx/CVE-2020-5654.json
index ed3bd2cdbe9..5a07327a42e 100644
--- a/2020/5xxx/CVE-2020-5654.json
+++ b/2020/5xxx/CVE-2020-5654.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5654",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELSEC iQ-R series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Session fixation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
+ },
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5655.json b/2020/5xxx/CVE-2020-5655.json
index 11927b636c4..1591d02444f 100644
--- a/2020/5xxx/CVE-2020-5655.json
+++ b/2020/5xxx/CVE-2020-5655.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5655",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELSEC iQ-R series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
+ },
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5656.json b/2020/5xxx/CVE-2020-5656.json
index 890c75b5d1e..6d1fb53a238 100644
--- a/2020/5xxx/CVE-2020-5656.json
+++ b/2020/5xxx/CVE-2020-5656.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5656",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELSEC iQ-R series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Fails to restrict access"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
+ },
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5657.json b/2020/5xxx/CVE-2020-5657.json
index 20daa1dd622..43d1f47138e 100644
--- a/2020/5xxx/CVE-2020-5657.json
+++ b/2020/5xxx/CVE-2020-5657.json
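Review bot: The `problemtype` value `"Fails to restrict access"` does not match the description, which calls the issue an "Improper access control vulnerability", and it is not a weakness name that tooling can readily map. Using the same term in both places, e.g. `"value": "Improper Access Control"`, would let consumers classify the record consistently. A CWE identifier would be better still if the CNA has one assigned, which this hunk does not show.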
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5657",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELSEC iQ-R series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf"
+ },
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92513419/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5658.json b/2020/5xxx/CVE-2020-5658.json
index 13c8630e5b5..94f37d6640f 100644
--- a/2020/5xxx/CVE-2020-5658.json
+++ b/2020/5xxx/CVE-2020-5658.json
@@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mitsubishi Electric Corporation", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series", + "version": { + "version_data": [ + { + "version_value": "RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-012.pdf" + }, + { + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-012_en.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU92513419/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet." } ] } From b5bdf887bd7f1a3c27445abf6da9ea167cc45e1e Mon Sep 17 00:00:00 2001 From: Ikuya Fukumoto Date: Fri, 30 Oct 2020 12:29:41 +0900 Subject: [PATCH 15/17] fix: typo --- 2020/5xxx/CVE-2020-5658.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/5xxx/CVE-2020-5658.json b/2020/5xxx/CVE-2020-5658.json index 94f37d6640f..71e6b23e911 100644 --- a/2020/5xxx/CVE-2020-5658.json +++ b/2020/5xxx/CVE-2020-5658.json 
@@ -58,8 +58,8 @@ "description_data": [ { "lang": "eng", - "value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet." + "value": "Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet." } ] } -} \ No newline at end of file +} From 9d3adc446d8492b688ae23f4345e34124fe4fe3a Mon Sep 17 00:00:00 2001 From: snyk-security-bot <66014823+snyk-security-bot@users.noreply.github.com> Date: Fri, 30 Oct 2020 12:53:42 +0200 Subject: [PATCH 16/17] Adds CVE-2020-7759 --- 2020/7xxx/CVE-2020-7759.json | 84 ++++++++++++++++++++++++++++++++++-- 1 file changed, 80 insertions(+), 4 deletions(-) diff --git a/2020/7xxx/CVE-2020-7759.json b/2020/7xxx/CVE-2020-7759.json index 75fb7e212fe..24ec20738bf 100644 --- a/2020/7xxx/CVE-2020-7759.json 
+++ b/2020/7xxx/CVE-2020-7759.json 
@@ -3,16 +3,92 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2020-10-30T10:53:39.750312Z", "ID": "CVE-2020-7759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SQL Injection" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pimcore/pimcore", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "6.7.2" + }, + { + "version_affected": "<", + "version_value": "6.8.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1017405" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/pimcore/pimcore/pull/7315" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. 
This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{\"keyId\"%3a\"''\",\"groupId\"%3a\"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+\"}]\n" } ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Daniele Scanu" + } + ] } \ No newline at end of file From 89adc83410b2c41ab507b408e208700ef5263e67 Mon Sep 17 00:00:00 2001 From: snyk-security-bot <66014823+snyk-security-bot@users.noreply.github.com> Date: Fri, 30 Oct 2020 13:07:10 +0200 Subject: [PATCH 17/17] Adds CVE-2020-7760 --- 2020/7xxx/CVE-2020-7760.json | 122 +++++++++++++++++++++++++++++++++-- 1 file changed, 118 insertions(+), 4 deletions(-) diff --git a/2020/7xxx/CVE-2020-7760.json b/2020/7xxx/CVE-2020-7760.json index c268c14469b..66ba82bbc7c 100644 --- a/2020/7xxx/CVE-2020-7760.json +++ b/2020/7xxx/CVE-2020-7760.json 
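Review bot: The affected range is written as two separate `version_data` entries, `>=` `6.7.2` and `<` `6.8.3`; a consumer that evaluates each entry on its own would match every release, since any version satisfies at least one of the two bounds. The description's "from 6.7.2 and before 6.8.3" shows the intended reading is the intersection, so it is worth confirming how the record's consumers combine entries before this is relied on for version matching. In the same hunk the description has a subject-verb mismatch and a trailing `\n`; I would write `"The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection …"` and drop the trailing newline escape.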
@@ -3,16 +3,130 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "report@snyk.io",
+ "DATE_PUBLIC": "2020-10-30T11:07:07.654911Z",
 "ID": "CVE-2020-7760",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Regular Expression Denial of Service (ReDoS)"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "codemirror",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.58.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "org.apache.marmotta.webjars:codemirror",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.58.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Regular Expression Denial of Service (ReDoS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2.\n The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*\r\n\r\n"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Yeting Li"
+ }
+ ]
 }
\ No newline at end of file
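Review bot: The sub-pattern quoted at the end of the added description, `(s|/*.*?*/)*`, is not a well-formed regular expression as written and has presumably lost its backslashes on the way into the JSON string. Each literal backslash must be doubled inside a JSON string, so the pattern should be re-entered from the upstream source file rather than guessed. The URL in the same value ends in `javascript.jsL129`, which looks like a dropped `#` before the line anchor (`javascript.js#L129`), and the value ends in a stray `\r\n\r\n` that can be removed. Anyone writing a lint or detection rule from this record would otherwise start from the wrong pattern.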