From e1e3bb732c72b80f307c42a8e8719ce4ddc617ca Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 2 Apr 2020 15:01:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/4xxx/CVE-2016-4074.json | 5 + 2020/11xxx/CVE-2020-11100.json | 81 ++++++++++++- 2020/11xxx/CVE-2020-11451.json | 61 +++++++++- 2020/11xxx/CVE-2020-11454.json | 61 +++++++++- 2020/4xxx/CVE-2020-4303.json | 178 +++++++++++++-------------- 2020/4xxx/CVE-2020-4304.json | 178 +++++++++++++-------------- 2020/4xxx/CVE-2020-4325.json | 216 ++++++++++++++++----------------- 2020/6xxx/CVE-2020-6852.json | 61 +++++++++- 2020/8xxx/CVE-2020-8016.json | 4 +- 2020/8xxx/CVE-2020-8017.json | 6 +- 2020/9xxx/CVE-2020-9349.json | 61 +++++++++- 11 files changed, 591 insertions(+), 321 deletions(-) diff --git a/2016/4xxx/CVE-2016-4074.json b/2016/4xxx/CVE-2016-4074.json index badeb732b27..35e0aa6e7c6 100644 --- a/2016/4xxx/CVE-2016-4074.json +++ b/2016/4xxx/CVE-2016-4074.json @@ -66,6 +66,11 @@ "name": "[oss-security] 20160424 CVE Request: jq: stack exhaustion using jv_dump_term() function", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/24/3" + }, + { + "refsource": "MISC", + "name": "https://github.com/stedolan/jq/", + "url": "https://github.com/stedolan/jq/" } ] } diff --git a/2020/11xxx/CVE-2020-11100.json b/2020/11xxx/CVE-2020-11100.json index 5b1d2a28bc8..3edcca397b8 100644 --- a/2020/11xxx/CVE-2020-11100.json +++ b/2020/11xxx/CVE-2020-11100.json 
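Review bot: The reference added for CVE-2016-4074 points at the repository root, `"url": "https://github.com/stedolan/jq/"`, which identifies neither the report nor the fix for the stack exhaustion in jv_dump_term() named by the existing MLIST entry. For triage, the entry should link the specific issue or commit, e.g. `"url": "https://github.com/stedolan/jq/<issue-or-commit: placeholder>"`. The hunk shows only the tail of `reference_data`, so a more specific link may already be present above it.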
@@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11100", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11100", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.haproxy.org", + "refsource": "MISC", + "name": "http://www.haproxy.org" + }, + { + "refsource": "CONFIRM", + "name": "https://www.haproxy.org/download/2.1/src/CHANGELOG", + "url": "https://www.haproxy.org/download/2.1/src/CHANGELOG" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.debian.org/debian-security-announce/2020/msg00052.html", + "url": "https://lists.debian.org/debian-security-announce/2020/msg00052.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mail-archive.com/haproxy@formilux.org/msg36876.html", + "url": "https://www.mail-archive.com/haproxy@formilux.org/msg36876.html" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1819111", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819111" + }, + { + "refsource": "CONFIRM", + "name": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88", + "url": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88" } ] } diff --git a/2020/11xxx/CVE-2020-11451.json b/2020/11xxx/CVE-2020-11451.json index d7c796d2b67..f6b4f262b28 100644 --- a/2020/11xxx/CVE-2020-11451.json +++ b/2020/11xxx/CVE-2020-11451.json 
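Review bot: The new `affects` block for CVE-2020-11100 carries only `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, although the description in the same hunk names HAProxy 1.8 through 2.x before 2.1.4. Scanners and inventories that match on the structured fields rather than the free text will not tie this record to HAProxy. `problemtype` is also `"n/a"` for what the description calls an arbitrary write on the heap; the record should name the vendor and product, give the stated version range, and give a weakness class (out-of-bounds write). The first reference is also plain HTTP, `"url": "http://www.haproxy.org"`, while the others use `https://www.haproxy.org`. The same `n/a` placeholders appear in the hunks for CVE-2020-11451, CVE-2020-11454, CVE-2020-6852 and CVE-2020-9349, whose descriptions name Microstrategy Web 10.4 and the CACAGOO TV-288ZD-2MP camera with firmware 3.4.2.0919.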
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11451", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11451", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability", + "refsource": "MISC", + "name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability" + }, + { + "refsource": "MISC", + "name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/", + "url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/" } ] } diff --git a/2020/11xxx/CVE-2020-11454.json b/2020/11xxx/CVE-2020-11454.json index 6d3841ccf67..63a00dacf9b 100644 --- a/2020/11xxx/CVE-2020-11454.json +++ b/2020/11xxx/CVE-2020-11454.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11454", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11454", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability", + "refsource": "MISC", + "name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability" + }, + { + "refsource": "MISC", + "name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/", + "url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/" } ] } diff --git a/2020/4xxx/CVE-2020-4303.json b/2020/4xxx/CVE-2020-4303.json index baa8f15b4ce..acdf6748130 100644 --- a/2020/4xxx/CVE-2020-4303.json 
+++ b/2020/4xxx/CVE-2020-4303.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-03-31T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4303" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6147195", - "title" : "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6147195" - }, - { - "refsource" : "XF", - "name" : "ibm-websphere-cve20204303-xss (176668)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176668" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-03-31T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4303" + }, + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "17.0.0.3" - }, - { - "version_value" : "20.0.0.3" - } - ] - }, - "product_name" : "WebSphere Application Server Liberty" - } - ] - }, - "vendor_name" : "IBM" + "url": "https://www.ibm.com/support/pages/node/6147195", + "title": "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6147195" + }, + { + "refsource": "XF", + "name": "ibm-websphere-cve20204303-xss (176668)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176668" } - ] - } - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "17.0.0.3" + }, + { + "version_value": "20.0.0.3" + } + ] + }, + "product_name": "WebSphere Application Server Liberty" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "AC" : "L", - "AV" : "N", - "UI" : "R", - "PR" : "N", - "I" : "L", - "SCORE" : "6.100", - "S" : "C", - "A" : "N", - "C" : "L" - } - } - } -} + } + }, + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + }, + "BM": { + "AC": "L", + "AV": "N", + "UI": "R", + "PR": "N", + "I": "L", + "SCORE": "6.100", + "S": "C", + "A": "N", + "C": "L" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4304.json b/2020/4xxx/CVE-2020-4304.json index e7126aa52e3..9971c2c0d96 100644 --- a/2020/4xxx/CVE-2020-4304.json 
+++ b/2020/4xxx/CVE-2020-4304.json 
@@ -1,93 +1,93 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6147195", - "title" : "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)", - "url" : "https://www.ibm.com/support/pages/node/6147195" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-websphere-cve20204304-xss (176670)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176670" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-03-31T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4304" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "17.0.0.3" - }, - { - "version_value" : "20.0.0.3" - } - ] - }, - "product_name" : "WebSphere Application Server Liberty" - } - ] - }, - "vendor_name" : "IBM" + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6147195", + "title": "IBM Security Bulletin 6147195 (WebSphere Application Server Liberty)", + "url": "https://www.ibm.com/support/pages/node/6147195" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-websphere-cve20204304-xss (176670)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176670" } - ] - } - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-03-31T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2020-4304" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "17.0.0.3" + }, + { + "version_value": 
"20.0.0.3" + } + ] + }, + "product_name": "WebSphere Application Server Liberty" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "H", - "RC" : "C" - }, - "BM" : { - "I" : "L", - "SCORE" : "6.100", - "PR" : "N", - "UI" : "R", - "AC" : "L", - "AV" : "N", - "C" : "L", - "A" : "N", - "S" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + }, + "BM": { + "I": "L", + "SCORE": "6.100", + "PR": "N", + "UI": "R", + "AC": "L", + "AV": "N", + "C": "L", + "A": "N", + "S": "C" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4325.json b/2020/4xxx/CVE-2020-4325.json index 7429773f30e..35893db60c0 100644 --- a/2020/4xxx/CVE-2020-4325.json +++ b/2020/4xxx/CVE-2020-4325.json 
@@ -1,112 +1,112 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6125403 (Automation Workstream Services in Cloud Pak for Automation)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6125403", - "url" : "https://www.ibm.com/support/pages/node/6125403" - }, - { - "name" : "ibm-icp4a-cve20204325-dos (177596)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4325", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-04-01T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "18.0.0.1" - }, - { - "version_value" : "18.0.0.2" - }, - { - "version_value" : "19.0.0.1" - }, - { - "version_value" : "19.0.0.2" - }, - { - "version_value" : "19.0.0.3" - } - ] - }, - "product_name" : "Process Federation Server" - }, - { - "product_name" : "Automation Workstream Services in Cloud Pak for Automation", - "version" : { - "version_data" : [ - { - "version_value" : "19.0.0.3" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6125403 (Automation Workstream Services in Cloud Pak for Automation)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6125403", + "url": "https://www.ibm.com/support/pages/node/6125403" + }, + { + "name": "ibm-icp4a-cve20204325-dos (177596)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596" } - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "N", - "S" : "U", - "A" : "H", - "PR" : "L", - "SCORE" : "6.500", - "I" : "N", - "AV" : "N", - "AC" : 
"L", - "UI" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4325", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-04-01T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "18.0.0.1" + }, + { + "version_value": "18.0.0.2" + }, + { + "version_value": "19.0.0.1" + }, + { + "version_value": "19.0.0.2" + }, + { + "version_value": "19.0.0.3" + } + ] + }, + "product_name": "Process Federation Server" + }, + { + "product_name": "Automation Workstream Services in Cloud Pak for Automation", + "version": { + "version_data": [ + { + "version_value": "19.0.0.3" + } + ] + } + } + ] + } + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. 
IBM X-Force ID: 177596.", - "lang" : "eng" - } - ] - } -} + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "C": "N", + "S": "U", + "A": "H", + "PR": "L", + "SCORE": "6.500", + "I": "N", + "AV": "N", + "AC": "L", + "UI": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6852.json b/2020/6xxx/CVE-2020-6852.json index 04769f890d7..842d8c36163 100644 --- a/2020/6xxx/CVE-2020-6852.json +++ b/2020/6xxx/CVE-2020-6852.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6852", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6852", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cacagoo.com", + "refsource": "MISC", + "name": "https://www.cacagoo.com" + }, + { + "refsource": "MISC", + "name": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/", + "url": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/" } ] } diff --git a/2020/8xxx/CVE-2020-8016.json b/2020/8xxx/CVE-2020-8016.json index bc21934d5ee..2c17331ca8d 100644 --- a/2020/8xxx/CVE-2020-8016.json +++ b/2020/8xxx/CVE-2020-8016.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-04-01T00:00:00.000Z", "ID": "CVE-2020-8016", "STATE": "PUBLIC", 
@@ -87,7 +87,7 @@ "description_data": [ { "lang": "eng", - "value": "A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges.\nThis issue affects:\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1\ntexlive-filesystem versions prior to 2017.135-9.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP4\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP5\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nopenSUSE Leap 15.1\ntexlive-filesystem versions prior to 2017.135-lp151.8.3.1." + "value": "A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1." } ] }, diff --git a/2020/8xxx/CVE-2020-8017.json b/2020/8xxx/CVE-2020-8017.json index ccd69d39c72..ee83bca7f14 100644 --- a/2020/8xxx/CVE-2020-8017.json +++ b/2020/8xxx/CVE-2020-8017.json 
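Review bot: Replacing the `\n` separators with single spaces in the new `value` string for CVE-2020-8016 runs each product name straight into its package line, e.g. `Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1.`, so the boundary between the affected product and the fixed-version statement is lost. In the matching `@@ -87,7 +87,7 @@` hunk for CVE-2020-8017 the first sentence had no full stop before the newline, so the new text reads `arbitrary files on the system This issue affects:`. If the newlines must go, keep a delimiter: `on the system. This issue affects:` and a colon between each product and its version line, e.g. `SUSE Linux Enterprise Module for Desktop Applications 15-SP1: texlive-filesystem versions prior to 2017.135-9.5.1.`. The structured version data is outside these hunks, so it is not visible here whether it carries the same ranges.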
@@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-04-02T00:00:00.000Z", "ID": "CVE-2020-8017", "STATE": "PUBLIC", @@ -87,7 +87,7 @@ "description_data": [ { "lang": "eng", - "value": "A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system\nThis issue affects:\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1\ntexlive-filesystem versions prior to 2017.135-9.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP4\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nSUSE Linux Enterprise Software Development Kit 12-SP5\ntexlive-filesystem versions prior to 2013.74-16.5.1.\nopenSUSE Leap 15.1\ntexlive-filesystem versions prior to 2017.135-lp151.8.3.1." + "value": "A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1." } ] }, @@ -138,4 +138,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file 
diff --git a/2020/9xxx/CVE-2020-9349.json b/2020/9xxx/CVE-2020-9349.json index 0d4ba5a3e58..48e22890c91 100644 --- a/2020/9xxx/CVE-2020-9349.json +++ b/2020/9xxx/CVE-2020-9349.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9349", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9349", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cacagoo.com", + "refsource": "MISC", + "name": "https://www.cacagoo.com" + }, + { + "refsource": "MISC", + "name": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/", + "url": "https://insights.oem.avira.com/serious-security-flaws-uncovered-in-cacagoo-ip-cameras/" } ] }