From e279559db2bc96d506a4fe545d7c5ea956edcf9c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 16 Dec 2020 15:01:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/14xxx/CVE-2020-14248.json | 50 ++++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14254.json | 50 ++++++++++++++++++++++++--
 2020/25xxx/CVE-2020-25620.json | 66 ++++++++++++++++++++++++++++++----
 2020/25xxx/CVE-2020-25621.json | 66 ++++++++++++++++++++++++++++++----
 2020/25xxx/CVE-2020-25622.json | 66 ++++++++++++++++++++++++++++++----
 2020/29xxx/CVE-2020-29607.json | 56 +++++++++++++++++++++++++----
 2020/4xxx/CVE-2020-4008.json | 50 ++++++++++++++++++++++++--
 7 files changed, 371 insertions(+), 33 deletions(-)
diff --git a/2020/14xxx/CVE-2020-14248.json b/2020/14xxx/CVE-2020-14248.json
index 05eb23d904d..ffc48fbc050 100644
--- a/2020/14xxx/CVE-2020-14248.json
+++ b/2020/14xxx/CVE-2020-14248.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14248",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL BigFix Inventory",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v9, v10.0.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security misconfiguration"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14254.json b/2020/14xxx/CVE-2020-14254.json
index f3dd0c159f4..b4f017638c9 100644
--- a/2020/14xxx/CVE-2020-14254.json
+++ b/2020/14xxx/CVE-2020-14254.json
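Review bot: In 2020/14xxx/CVE-2020-14248.json the added `affects` block sets `"vendor_name": "n/a"` although the product is named "HCL BigFix Inventory" and the assigner is psirt@hcl.com, so tooling that matches records on the vendor field will not associate this CVE with the vendor; something like `"vendor_name": "HCL"` would fix that (exact vendor string to be confirmed with the CNA). The `version_value` "v9, v10.0.x" is free text and does not carry the "up to v10.0.2" bound given in the description, so a consumer cannot derive the fixed version from `version_data`. The same vendor-name problem appears in the CVE-2020-14254 and CVE-2020-4008 hunks, and the latter repeats the product name inside `version_value`. The problem type could also name the weakness directly, for example CWE-614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute), instead of the generic "Security misconfiguration".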
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14254",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL BigFix Inventory",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v9.x, v10.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security Misconfiguration"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25620.json b/2020/25xxx/CVE-2020-25620.json
index a1edf17a894..341dd13eb4e 100644
--- a/2020/25xxx/CVE-2020-25620.json
+++ b/2020/25xxx/CVE-2020-25620.json
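Review bot: The added description in 2020/14xxx/CVE-2020-14254.json refers to "TLS 2.0", which is not a TLS protocol version; the text should be checked against the vendor KB article referenced in the record and corrected, presumably to `TLS 1.2`. The sentence also omits the condition for the stated impact: with RSA key exchange, recorded traffic can be decrypted later only by someone who obtains the server's private key, so the record would be clearer if it named the missing forward secrecy. The `version_value` "v9.x, v10.x" is broader than the "up to v10.0.2" bound in the description, and the problem type is cased differently from the sibling record ("Security Misconfiguration" here, "Security misconfiguration" in CVE-2020-14248).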
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25620",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25620",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.solarwinds.com/SuccessCenter/s/",
+ "refsource": "MISC",
+ "name": "https://support.solarwinds.com/SuccessCenter/s/"
+ },
+ {
+ "url": "https://ernw.de/en/publications.html",
+ "refsource": "MISC",
+ "name": "https://ernw.de/en/publications.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/",
+ "url": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25621.json b/2020/25xxx/CVE-2020-25621.json
index fab9e9e447a..2c5e75178a7 100644
--- a/2020/25xxx/CVE-2020-25621.json
+++ b/2020/25xxx/CVE-2020-25621.json
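Review bot: The `affects` block added in 2020/25xxx/CVE-2020-25620.json leaves `vendor_name`, `product_name` and `version_value` as "n/a" although the description names SolarWinds N-Central 12.3.0.670, so scanners and asset-matching tools that key on the structured fields will not tie this record to the product. The same applies to the CVE-2020-25621, CVE-2020-25622 and CVE-2020-29607 (Pluck CMS before 4.7.13) hunks. `problemtype` is also "n/a" where a CWE fits the description, for example CWE-798 (Use of Hard-coded Credentials) here and CWE-352 for the CSRF in CVE-2020-25622. Two of the three SolarWinds references, `https://support.solarwinds.com/SuccessCenter/s/` and `https://ernw.de/en/publications.html`, are generic landing pages rather than the specific advisory, so only the insinuator.net link lets a reader verify the record.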
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25621",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25621",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.solarwinds.com/SuccessCenter/s/",
+ "refsource": "MISC",
+ "name": "https://support.solarwinds.com/SuccessCenter/s/"
+ },
+ {
+ "url": "https://ernw.de/en/publications.html",
+ "refsource": "MISC",
+ "name": "https://ernw.de/en/publications.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/",
+ "url": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25622.json b/2020/25xxx/CVE-2020-25622.json
index 14261c158ad..0481789ec0b 100644
--- a/2020/25xxx/CVE-2020-25622.json
+++ b/2020/25xxx/CVE-2020-25622.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25622",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25622",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.solarwinds.com/SuccessCenter/s/",
+ "refsource": "MISC",
+ "name": "https://support.solarwinds.com/SuccessCenter/s/"
+ },
+ {
+ "url": "https://ernw.de/en/publications.html",
+ "refsource": "MISC",
+ "name": "https://ernw.de/en/publications.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/",
+ "url": "https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29607.json b/2020/29xxx/CVE-2020-29607.json
index e5558be71aa..5d959737895 100644
--- a/2020/29xxx/CVE-2020-29607.json
+++ b/2020/29xxx/CVE-2020-29607.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-29607",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-29607",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the \"manage files\" functionality, which may result in remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pluck-cms/pluck/issues/96",
+ "refsource": "MISC",
+ "name": "https://github.com/pluck-cms/pluck/issues/96"
 }
 ]
 }
diff --git a/2020/4xxx/CVE-2020-4008.json b/2020/4xxx/CVE-2020-4008.json
index 11fb4f045cd..329b8a1c425 100644
--- a/2020/4xxx/CVE-2020-4008.json
+++ b/2020/4xxx/CVE-2020-4008.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-4008",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware Carbon Black Cloud macOS Sensor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "VMware Carbon Black Cloud macOS Sensor prior to 3.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "File overwrite issue"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2020-0028.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2020-0028.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The installer of the macOS Sensor for VMware Carbon Black Cloud prior to 3.5.1 handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation."
 }
 ]
 }