From ed80b720545e5ea084d88fe97db51c2f29c9d368 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 4 Nov 2020 17:01:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/22xxx/CVE-2020-22275.json | 66 ++++++++++++++++++++++++++++---
 2020/22xxx/CVE-2020-22276.json | 66 ++++++++++++++++++++++++++++---
 2020/22xxx/CVE-2020-22277.json | 66 ++++++++++++++++++++++++++++---
 2020/22xxx/CVE-2020-22278.json | 61 ++++++++++++++++++++++++++---
 2020/26xxx/CVE-2020-26167.json | 71 +++++++++++++++++++++++++++++++---
 2020/28xxx/CVE-2020-28042.json | 10 +++++
 6 files changed, 310 insertions(+), 30 deletions(-)
diff --git a/2020/22xxx/CVE-2020-22275.json b/2020/22xxx/CVE-2020-22275.json
index 09b85308406..ccc4959523a 100644
--- a/2020/22xxx/CVE-2020-22275.json
+++ b/2020/22xxx/CVE-2020-22275.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22275",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22275",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://filebin.net/30ceikgukh268yyj",
+ "refsource": "MISC",
+ "name": "https://filebin.net/30ceikgukh268yyj"
+ },
+ {
+ "url": "http://uploadboy.com/ty0715vdcii6/886/mp4",
+ "refsource": "MISC",
+ "name": "http://uploadboy.com/ty0715vdcii6/886/mp4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf",
+ "url": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22276.json b/2020/22xxx/CVE-2020-22276.json
index 835ec389f6d..8ea46ce4337 100644
--- a/2020/22xxx/CVE-2020-22276.json
+++ b/2020/22xxx/CVE-2020-22276.json
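Review bot: The new `problemtype` value in CVE-2020-22275.json is `"n/a"` even though the description names the weakness, so consumers that key on CWE cannot classify the record; `"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"` would match the text. `product_name`, `version_value` and `vendor_name` are likewise `"n/a"` while the description supplies `Easy Registration Forms` and `2.0.6`, which leaves the record unmatchable for tooling that looks records up by product and version. Two of the three references point at file-sharing hosts (`filebin.net`, and `uploadboy.com` over plain `http://`); such links tend to expire and ask readers to fetch an unvetted file from a third-party host, so the `cert.ikiu.ac.ir` PDF is the only durable reference here. The same three gaps recur in the CVE-2020-22276, CVE-2020-22277 and CVE-2020-22278 hunks of this patch (with `mega.nz` links in the latter two).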
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22276",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22276",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://filebin.net/khncr59vyfztn6wj",
+ "refsource": "MISC",
+ "name": "https://filebin.net/khncr59vyfztn6wj"
+ },
+ {
+ "url": "http://uploadboy.com/tvvs4p2gf03m/887/mp4",
+ "refsource": "MISC",
+ "name": "http://uploadboy.com/tvvs4p2gf03m/887/mp4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22276.pdf",
+ "url": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22276.pdf"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22277.json b/2020/22xxx/CVE-2020-22277.json
index a025a9ffd2a..49e6f95a899 100644
--- a/2020/22xxx/CVE-2020-22277.json
+++ b/2020/22xxx/CVE-2020-22277.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22277",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22277",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://mega.nz/file/bSQnlS4R#UY_ozLkvXgXFKzqtTRKeB9RXGi6aEQF3X6eKXdSiBt0",
+ "refsource": "MISC",
+ "name": "https://mega.nz/file/bSQnlS4R#UY_ozLkvXgXFKzqtTRKeB9RXGi6aEQF3X6eKXdSiBt0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#:~:text=Install%20Import%20and%20export%20users%20and%20customers%20automatically,is%20uploaded%20and%20extracted%2C%20click%20Activate%20Plugin%20.",
+ "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#:~:text=Install%20Import%20and%20export%20users%20and%20customers%20automatically,is%20uploaded%20and%20extracted%2C%20click%20Activate%20Plugin%20."
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22277.pdf",
+ "url": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22277.pdf"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22278.json b/2020/22xxx/CVE-2020-22278.json
index 3ec35bee120..c18abba2ca2 100644
--- a/2020/22xxx/CVE-2020-22278.json
+++ b/2020/22xxx/CVE-2020-22278.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22278",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22278",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "phpMyAdmin through 5.0.2 allows CSV injection via Export Section"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://mega.nz/file/ySQnlQSR#vXzY46mgf0CE2ysYpWpbE4O6T_g37--rtaL8pqdHcQs",
+ "refsource": "MISC",
+ "name": "https://mega.nz/file/ySQnlQSR#vXzY46mgf0CE2ysYpWpbE4O6T_g37--rtaL8pqdHcQs"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22278.pdf",
+ "url": "https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22278.pdf"
 }
 ]
 }
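Review bot: In the CVE-2020-22277.json hunk, the wordpress.org reference carries a browser text-fragment directive (`#:~:text=Install%20Import...`, ending in `%20.`) in both `name` and `url`; it looks like copy-paste residue, adds nothing to the reference, and makes the entry differ from the plain plugin URL that other records or feeds would use. The reference should read `"url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/"` with the same string in `name`. The description says "through 1.15.5.11" but the record names no fixed release, so a changelog or fixed-version reference would let readers confirm remediation.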
diff --git a/2020/26xxx/CVE-2020-26167.json b/2020/26xxx/CVE-2020-26167.json
index 5281640bcbc..f0df16040cc 100644
--- a/2020/26xxx/CVE-2020-26167.json
+++ b/2020/26xxx/CVE-2020-26167.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26167",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26167",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/",
+ "refsource": "MISC",
+ "name": "https://excellium-services.com/cert-xlm-advisory/cve-2020-26167/"
+ },
+ {
+ "url": "https://www.getfuelcms.com/",
+ "refsource": "MISC",
+ "name": "https://www.getfuelcms.com/"
+ },
+ {
+ "url": "https://github.com/daylightstudio/FUEL-CMS/",
+ "refsource": "MISC",
+ "name": "https://github.com/daylightstudio/FUEL-CMS/"
+ },
+ {
+ "url": "https://thedaylightstudio.com/",
+ "refsource": "MISC",
+ "name": "https://thedaylightstudio.com/"
 }
 ]
 }
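Review bot: The description in the CVE-2020-26167.json hunk gives the affected release as `11.4.12`, which does not look like a FUEL CMS version number; as far as I know the project's releases are in the 1.x series, so this is probably a typo for `1.4.12` and should be checked against the excellium-services advisory listed in the references. Three of the four references (`https://www.getfuelcms.com/`, the repository root on GitHub, `https://thedaylightstudio.com/`) are home pages rather than anything describing the issue or its fix, so a link to the fixing commit or release note would serve readers better. `problemtype` and the `affects` fields are `"n/a"` here too, although the text describes an unauthenticated account takeover through the page preview feature.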
diff --git a/2020/28xxx/CVE-2020-28042.json b/2020/28xxx/CVE-2020-28042.json
index 56631229afa..e2fb08e2147 100644
--- a/2020/28xxx/CVE-2020-28042.json
+++ b/2020/28xxx/CVE-2020-28042.json
@@ -61,6 +61,16 @@
 "url": "https://github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee",
 "refsource": "MISC",
 "name": "https://github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/",
+ "url": "https://www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/",
+ "url": "https://www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/"
 }
 ]
 },