diff --git a/2019/12xxx/CVE-2019-12921.json b/2019/12xxx/CVE-2019-12921.json
index e2724d7b177..5b06e62e61f 100644
--- a/2019/12xxx/CVE-2019-12921.json
+++ b/2019/12xxx/CVE-2019-12921.json
@@ -76,6 +76,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0429",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4675",
+ "url": "https://www.debian.org/security/2020/dsa-4675"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16217.json b/2019/16xxx/CVE-2019-16217.json
index f3fb5373cd2..2861bb9368b 100644
--- a/2019/16xxx/CVE-2019-16217.json
+++ b/2019/16xxx/CVE-2019-16217.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16218.json b/2019/16xxx/CVE-2019-16218.json
index cef30436252..46a6759c182 100644
--- a/2019/16xxx/CVE-2019-16218.json
+++ b/2019/16xxx/CVE-2019-16218.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16219.json b/2019/16xxx/CVE-2019-16219.json
index 979e155aff3..8f18a9e2bf0 100644
--- a/2019/16xxx/CVE-2019-16219.json
+++ b/2019/16xxx/CVE-2019-16219.json
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16220.json b/2019/16xxx/CVE-2019-16220.json
index 536524bfc93..c508b072d96 100644
--- a/2019/16xxx/CVE-2019-16220.json
+++ b/2019/16xxx/CVE-2019-16220.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16221.json b/2019/16xxx/CVE-2019-16221.json
index 6c292eec47a..8d98b231a34 100644
--- a/2019/16xxx/CVE-2019-16221.json
+++ b/2019/16xxx/CVE-2019-16221.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16222.json b/2019/16xxx/CVE-2019-16222.json
index a5c2ae1a900..55556a45bbd 100644
--- a/2019/16xxx/CVE-2019-16222.json
+++ b/2019/16xxx/CVE-2019-16222.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16223.json b/2019/16xxx/CVE-2019-16223.json
index 33606901e77..ad62d31e275 100644
--- a/2019/16xxx/CVE-2019-16223.json
+++ b/2019/16xxx/CVE-2019-16223.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16780.json b/2019/16xxx/CVE-2019-16780.json
index 13e8210ab08..5b1e5bbd16b 100644
--- a/2019/16xxx/CVE-2019-16780.json
+++ b/2019/16xxx/CVE-2019-16780.json
@@ -105,6 +105,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16781.json b/2019/16xxx/CVE-2019-16781.json
index 89a47dacbf8..54ac4a52a83 100644
--- a/2019/16xxx/CVE-2019-16781.json
+++ b/2019/16xxx/CVE-2019-16781.json
@@ -100,6 +100,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17361.json b/2019/17xxx/CVE-2019-17361.json
index f0fb92bb67a..1fcdaa03db1 100644
--- a/2019/17xxx/CVE-2019-17361.json
+++ b/2019/17xxx/CVE-2019-17361.json
@@ -66,6 +66,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0357",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4676",
+ "url": "https://www.debian.org/security/2020/dsa-4676"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17669.json b/2019/17xxx/CVE-2019-17669.json
index feb69e4903b..b591c41a204 100644
--- a/2019/17xxx/CVE-2019-17669.json
+++ b/2019/17xxx/CVE-2019-17669.json
@@ -91,6 +91,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17671.json b/2019/17xxx/CVE-2019-17671.json
index 82cd5443db5..1581577ce71 100644
--- a/2019/17xxx/CVE-2019-17671.json
+++ b/2019/17xxx/CVE-2019-17671.json
@@ -91,6 +91,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17672.json b/2019/17xxx/CVE-2019-17672.json
index abb1536e1d4..7d97af67ffe 100644
--- a/2019/17xxx/CVE-2019-17672.json
+++ b/2019/17xxx/CVE-2019-17672.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17673.json b/2019/17xxx/CVE-2019-17673.json
index 60d21adeb2b..a9b7f43a97e 100644
--- a/2019/17xxx/CVE-2019-17673.json
+++ b/2019/17xxx/CVE-2019-17673.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17674.json b/2019/17xxx/CVE-2019-17674.json
index 932a3b970d6..ff4d114e71e 100644
--- a/2019/17xxx/CVE-2019-17674.json
+++ b/2019/17xxx/CVE-2019-17674.json
@@ -76,6 +76,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17675.json b/2019/17xxx/CVE-2019-17675.json
index 7ac9b28d6d2..423b822d2b0 100644
--- a/2019/17xxx/CVE-2019-17675.json
+++ b/2019/17xxx/CVE-2019-17675.json
@@ -91,6 +91,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4599",
 "url": "https://www.debian.org/security/2020/dsa-4599"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19166.json b/2019/19xxx/CVE-2019-19166.json
index 69f25001203..0de99dac5d9 100644
--- a/2019/19xxx/CVE-2019-19166.json
+++ b/2019/19xxx/CVE-2019-19166.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-19166",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Tobesoft XPlatform Arbitrary File Execution Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "XPlatform",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Windows",
+ "version_affected": "<=",
+ "version_name": "9.2.2",
+ "version_value": "9.2.2.260"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Tobesoft"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to Jeongun Baek for reporting this vulnerability"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-494 Download of Code Without Integrity Check"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "http://support.tobesoft.co.kr/Support/index.html",
+ "name": "http://support.tobesoft.co.kr/Support/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35357",
+ "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35357"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19167.json b/2019/19xxx/CVE-2019-19167.json
index 7ccd493edab..286d5c10963 100644
--- a/2019/19xxx/CVE-2019-19167.json
+++ b/2019/19xxx/CVE-2019-19167.json
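Review bot: The new `impact.cvss` block in CVE-2019-19166.json scores the issue as `"attackVector": "LOCAL"` (`AV:L`), while the description added in the same hunk says it lets an attacker "cause remote code execution", so the record contradicts itself on reachability and triage tooling that keys on the vector will rank it as a local issue. Either the description should explain how a remote party reaches the local vector (the `UI:R` suggests a user has to open attacker-supplied content), or, if the DLL load can be triggered from network-delivered content, the vector should be re-scored, e.g. `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"` with the matching `attackVector` and `baseScore`. The identical vector and score appear in the new records for CVE-2019-19167, CVE-2019-19168 and CVE-2019-19169, whose descriptions also speak of remote attackers or remote code execution. Separately, the description names v9.1, 9.2.0, 9.2.1 and 9.2.2 but `version_data` holds a single `<=` `9.2.2.260` entry labelled `9.2.2`, so whether 9.1 builds are covered is left to the reader.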
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-19167",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Tobesoft Nexacro14 ActiveX File Download Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nexacro14",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Windows",
+ "version_affected": "<=",
+ "version_name": "2019.9.25.1",
+ "version_value": "14.0.1.3400"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Tobesoft"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to Jeongun Baek for reporting this vulnerability"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-494 Download of Code Without Integrity Check"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "http://support.tobesoft.co.kr/Support/index.html",
+ "name": "http://support.tobesoft.co.kr/Support/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35358",
+ "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35358"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19168.json b/2019/19xxx/CVE-2019-19168.json
index 257be317c4b..11ee77d95da 100644
--- a/2019/19xxx/CVE-2019-19168.json
+++ b/2019/19xxx/CVE-2019-19168.json
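Review bot: The affected-version entry in CVE-2019-19167.json mixes two numbering schemes, `"version_name": "2019.9.25.1"` next to `"version_value": "14.0.1.3400"` under `"version_affected": "<="`, and the description only mentions "v2019.9.25.1 and earlier", so someone checking an installed build cannot tell from the record which number to compare against. If both refer to the same release, the description should say so, along the lines of `Tobesoft Nexacro14 14.0.1.3400 (2019.9.25.1) and earlier versions ...`; if they do not, the `version_data` entry needs correcting. The `TITLE` calls this a "File Download Vulnerability" and the problem type is CWE-494, but the description never mentions a download, only "using method supported by Nexacro14 ActiveX Control", so a sentence tying the download to the code execution would make the three fields agree.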
@@ -1,18 +1,92 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-19168",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dext.ocx ActiveX Control in Dext5 Upload",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Windows",
+ "version_affected": "<",
+ "version_name": "5.0.0.116 and prior",
+ "version_value": "5.0.0.117"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "RAONwiz"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "File download & execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26",
+ "name": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35352"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19169.json b/2019/19xxx/CVE-2019-19169.json
index fddb1ecf07c..b4ae93ac769 100644
--- a/2019/19xxx/CVE-2019-19169.json
+++ b/2019/19xxx/CVE-2019-19169.json
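Review bot: The component is named two different ways in CVE-2019-19168.json: `product_name` says "Dext.ocx ActiveX Control in Dext5 Upload" while the description says "Dext5.ocx ActiveX", and asset-inventory matching on the file name will only hit one of them; whichever is correct should be used in both places, e.g. `"product_name": "Dext5.ocx ActiveX Control in Dext5 Upload"` if the description is right. The problem type is free text (`"File download & execution"`) where the sibling Tobesoft records in this commit carry a CWE identifier, so consumers that group by CWE get nothing for this entry; a CWE-prefixed value in the same style would fix that once the submitter confirms the weakness class. The description also has the typo "eariler" and the record has no `TITLE`. CVE-2019-19169.json repeats the same `product_name`, the same typo and a free-text problem type (`"File download"`).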
@@ -1,18 +1,92 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-19169",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dext.ocx ActiveX Control in Dext5 Upload",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Windows",
+ "version_affected": "<",
+ "version_name": "5.0.0.116 and prior",
+ "version_value": "5.0.0.117"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "RAONwiz"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "File download"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26",
+ "name": "http://www.dext5.com/page/support/notice_view.aspx?pSeq=26"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35353",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35353"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20041.json b/2019/20xxx/CVE-2019-20041.json
index 58577af2991..b3fafcfa85f 100644
--- a/2019/20xxx/CVE-2019-20041.json
+++ b/2019/20xxx/CVE-2019-20041.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200114 [SECURITY] [DLA 2067-1] wordpress security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20042.json b/2019/20xxx/CVE-2019-20042.json
index ab6299e1ed9..dc67a90a287 100644
--- a/2019/20xxx/CVE-2019-20042.json
+++ b/2019/20xxx/CVE-2019-20042.json
@@ -96,6 +96,11 @@
 "refsource": "MISC",
 "name": "https://hackerone.com/reports/509930",
 "url": "https://hackerone.com/reports/509930"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20043.json b/2019/20xxx/CVE-2019-20043.json
index 3a80f262f25..dba8f8c482f 100644
--- a/2019/20xxx/CVE-2019-20043.json
+++ b/2019/20xxx/CVE-2019-20043.json
@@ -86,6 +86,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw",
 "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9787.json b/2019/9xxx/CVE-2019-9787.json
index 676681bb92d..780801826db 100644
--- a/2019/9xxx/CVE-2019-9787.json
+++ b/2019/9xxx/CVE-2019-9787.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10938.json b/2020/10xxx/CVE-2020-10938.json
index 734ad102134..9ad36d63eb9 100644
--- a/2020/10xxx/CVE-2020-10938.json
+++ b/2020/10xxx/CVE-2020-10938.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4675",
+ "url": "https://www.debian.org/security/2020/dsa-4675"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11025.json b/2020/11xxx/CVE-2020-11025.json
index 4c915172e66..9410721553e 100644
--- a/2020/11xxx/CVE-2020-11025.json
+++ b/2020/11xxx/CVE-2020-11025.json
@@ -129,6 +129,11 @@
 "name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
 "refsource": "MISC",
 "url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11026.json b/2020/11xxx/CVE-2020-11026.json
index 3cbd161d1c8..c1f76cc5680 100644
--- a/2020/11xxx/CVE-2020-11026.json
+++ b/2020/11xxx/CVE-2020-11026.json
@@ -129,6 +129,11 @@
 "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2",
 "refsource": "CONFIRM",
 "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11027.json b/2020/11xxx/CVE-2020-11027.json
index 7383d5c5279..30bf562f55f 100644
--- a/2020/11xxx/CVE-2020-11027.json
+++ b/2020/11xxx/CVE-2020-11027.json
@@ -129,6 +129,11 @@
 "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw",
 "refsource": "CONFIRM",
 "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11028.json b/2020/11xxx/CVE-2020-11028.json
index 6ae5250a4ec..7c918bab10e 100644
--- a/2020/11xxx/CVE-2020-11028.json
+++ b/2020/11xxx/CVE-2020-11028.json
@@ -129,6 +129,11 @@
 "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w",
 "refsource": "CONFIRM",
 "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11029.json b/2020/11xxx/CVE-2020-11029.json
index 175c741fa8d..7d4592f9494 100644
--- a/2020/11xxx/CVE-2020-11029.json
+++ b/2020/11xxx/CVE-2020-11029.json
@@ -129,6 +129,11 @@
 "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c",
 "refsource": "CONFIRM",
 "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11030.json b/2020/11xxx/CVE-2020-11030.json
index bd9238edb0a..d1bfc2c84d8 100644
--- a/2020/11xxx/CVE-2020-11030.json
+++ b/2020/11xxx/CVE-2020-11030.json
@@ -129,6 +129,11 @@
 "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh",
 "refsource": "CONFIRM",
 "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4677",
+ "url": "https://www.debian.org/security/2020/dsa-4677"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11651.json b/2020/11xxx/CVE-2020-11651.json
index 2e6d4ce3964..75ec05d3e12 100644
--- a/2020/11xxx/CVE-2020-11651.json
+++ b/2020/11xxx/CVE-2020-11651.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4676",
+ "url": "https://www.debian.org/security/2020/dsa-4676"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11652.json b/2020/11xxx/CVE-2020-11652.json
index 383ad0fffa6..3bf6b0e5070 100644
--- a/2020/11xxx/CVE-2020-11652.json
+++ b/2020/11xxx/CVE-2020-11652.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4676",
+ "url": "https://www.debian.org/security/2020/dsa-4676"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12142.json b/2020/12xxx/CVE-2020-12142.json
index 31567aacaed..ac83338d263 100644
--- a/2020/12xxx/CVE-2020-12142.json
+++ b/2020/12xxx/CVE-2020-12142.json
@@ -12,11 +12,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP\u202f",
+ "product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP\u202f ",
 "version": {
 "version_data": [
 {
- "version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
+ "version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ "
 }
 ]
 }
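Review bot: Both changed strings in the first CVE-2020-12142.json hunk gain a trailing space inside the quotes (`...GCP\u202f "` in `product_name` and `...8.9.2+ "` in `version_value`), which looks like an editor artifact and makes exact-match lookups on product and version fail for any consumer that does not trim. The new values should end at the last visible character, e.g. `"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"`, and the `\u202f` narrow no-break spaces in `product_name` are worth dropping at the same time. The `version_value` change in CVE-2020-12143.json adds the same trailing space, and the `advisory` id in the later hunk of this file (`"2020 -04-24-001- 001"`) still contains stray spaces after the edit. `product_name` also packs three numbered products into one string; separate `product_data` entries would let tools match each product, though that predates this commit.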
@@ -47,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "a. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. b. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. Resolution \u2022 EdgeConnect software has been modified to prevent users from accessing IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. \u2022 EdgeConnect software has been modified to allow customers to choose not to persist the IPSec seed for additional security. Any required configuration Upgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. 8. Product affected All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ Silver Peak Products Applicability Unity EdgeConnect, NX, VX Applicable Unity Orchestrator Applicable EdgeConnect in AWS, Azure, GCP Applicable Silver Peak Cloud Services Not Applicable"
+ "value": "1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell."
 }
 ]
 },
@@ -86,19 +86,19 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "url": "https://www.silver-peak.com/support/user-documentation/security-advisories",
- "name": "https://www.silver-peak.com/support/user-documentation/security-advisories"
+ "url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf",
+ "name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf"
 }
 ]
 },
 "solution": [
 {
 "lang": "eng",
- "value": "The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12142. \n"
+ "value": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf"
 }
 ],
 "source": {
- "advisory": "2020 -04-24-001 -001",
+ "advisory": "2020 -04-24-001- 001",
 "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12143.json b/2020/12xxx/CVE-2020-12143.json
index f7693eaf592..ab3878006f2 100644
--- a/2020/12xxx/CVE-2020-12143.json
+++ b/2020/12xxx/CVE-2020-12143.json
@@ -17,7 +17,7 @@
 "version_data": [
 {
 "version_name": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ ",
- "version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
+ "version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ "
 }
 ]
 }
@@ -48,7 +48,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Summary - The certificate used to identify Orchestrator to EdgeConnect devices is not validated Details: The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Product affected - All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ 1. Silver Peak product(s) Applicability 2. Unity EdgeConnect, NX, VX Applicable 3. Unity Orchestrator Applicable 4. EdgeConnect in AWS, Azure, GCP Applicable 5. Silver Peak Cloud Services Not Applicable Resolution \u2022 Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Orchestrator. After the changes, EdgeConnect will validate the certificate used to identify the Orchestrator to EdgeConnect. \u2022 TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. Any required configuration \u2022 Do not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \u2022 Upgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \u2022 In Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings."
+ "value": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator."
 }
 ]
 },
@@ -87,15 +87,15 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "url": "https://www.silver-peak.com/support/user-documentation/security-advisories",
- "name": "https://www.silver-peak.com/support/user-documentation/security-advisories"
+ "url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf",
+ "name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf"
 }
 ]
 },
 "solution": [
 {
 "lang": "eng",
- "value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12143. \n"
+ "value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf\n"
 }
 ],
 "source": {
diff --git a/2020/12xxx/CVE-2020-12144.json b/2020/12xxx/CVE-2020-12144.json
index 895577bf519..0a757891c40 100644
--- a/2020/12xxx/CVE-2020-12144.json
+++ b/2020/12xxx/CVE-2020-12144.json
@@ -42,7 +42,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Details The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. Product affected All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ Silver Peak Products Applicability Unity EdgeConnect, NX, VX Applicable Unity Orchestrator Applicable EdgeConnect in AWS, Azure, GCP Applicable Silver Peak Cloud Services Not Applicable Resolution \u2022 Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. \u2022 TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. Any required configuration \u2022 Do not change Cloud Portal\u2019s IP address as discovered by the EdgeConnect appliance. \u2022 Upgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \u2022 In Orchestrator, enable the \u201cVerify Portal Certificate\u201d option under Advanced Security Settings."
+ "value": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal."
 }
 ]
 },
@@ -81,8 +81,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "url": "https://www.silver-peak.com/support/user-documentation/security-advisories",
- "name": "https://www.silver-peak.com/support/user-documentation/security-advisories"
+ "url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf",
+ "name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
 }
 ]
 },
@@ -93,7 +93,7 @@
 },
 {
 "lang": "eng",
- "value": "The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12144. \n\n"
+ "value": "The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
 }
 ],
 "source": {
diff --git a/2020/2xxx/CVE-2020-2181.json b/2020/2xxx/CVE-2020-2181.json
index 721978004c3..03f762453d8 100644
--- a/2020/2xxx/CVE-2020-2181.json
+++ b/2020/2xxx/CVE-2020-2181.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2181",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2182.json b/2020/2xxx/CVE-2020-2182.json
index f25ee693aff..3e4fa5050a3 100644
--- a/2020/2xxx/CVE-2020-2182.json
+++ b/2020/2xxx/CVE-2020-2182.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2182",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2183.json b/2020/2xxx/CVE-2020-2183.json
index a63c8523b07..132c5896d88 100644
--- a/2020/2xxx/CVE-2020-2183.json
+++ b/2020/2xxx/CVE-2020-2183.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2183",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2184.json b/2020/2xxx/CVE-2020-2184.json
index 2e69326f9ee..7249eadb52d 100644
--- a/2020/2xxx/CVE-2020-2184.json
+++ b/2020/2xxx/CVE-2020-2184.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2184",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2185.json b/2020/2xxx/CVE-2020-2185.json
index 55bfca6d58f..ca1bb0840a9 100644
--- a/2020/2xxx/CVE-2020-2185.json
+++ b/2020/2xxx/CVE-2020-2185.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2185",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2186.json b/2020/2xxx/CVE-2020-2186.json
index bcec863ad84..7f11e25a393 100644
--- a/2020/2xxx/CVE-2020-2186.json
+++ b/2020/2xxx/CVE-2020-2186.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2186",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2187.json b/2020/2xxx/CVE-2020-2187.json
index 322fda5a280..305bfb0ffb0 100644
--- a/2020/2xxx/CVE-2020-2187.json
+++ b/2020/2xxx/CVE-2020-2187.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2187",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2188.json b/2020/2xxx/CVE-2020-2188.json
index 011fd424a97..c79447ddf78 100644
--- a/2020/2xxx/CVE-2020-2188.json
+++ b/2020/2xxx/CVE-2020-2188.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2188",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2189.json b/2020/2xxx/CVE-2020-2189.json
index a4f07b63303..a944c78370a 100644
--- a/2020/2xxx/CVE-2020-2189.json
+++ b/2020/2xxx/CVE-2020-2189.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2189",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/4xxx/CVE-2020-4092.json b/2020/4xxx/CVE-2020-4092.json
index 70a1e893caa..900a733f438 100644
--- a/2020/4xxx/CVE-2020-4092.json
+++ b/2020/4xxx/CVE-2020-4092.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-4092",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "\"HCL Nomad\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\"Android versions 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, and iOS versions 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Sensitive Information Exposure\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0078969",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0078969"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content.\""
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6075.json b/2020/6xxx/CVE-2020-6075.json
index fb885624bc1..965964744ce 100644
--- a/2020/6xxx/CVE-2020-6075.json
+++ b/2020/6xxx/CVE-2020-6075.json
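Review bot: Every free-text string added in this hunk carries literal escaped quotes, for example `"product_name": "\"HCL Nomad\""`, and the same holds for `version_value`, the problemtype `value` and the description. Consumers will treat the quote characters as data, so a product match on HCL Nomad fails; the inner quotes should go, as in `"product_name": "HCL Nomad"`. `vendor_name` is `"n/a"` although the assigner is psirt@hcl.com, so presumably `"vendor_name": "HCL"` is meant. The Android and iOS version lists are packed into one `version_value` string; separate `version_data` entries per platform would make the affected range machine-readable.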
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6075",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Accusoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Accusoft ImageGear 19.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "out-of-bounds write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0998",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0998"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6076.json b/2020/6xxx/CVE-2020-6076.json
index 8422c24e5c5..8ccf5b6fc7f 100644
--- a/2020/6xxx/CVE-2020-6076.json
+++ b/2020/6xxx/CVE-2020-6076.json
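Review bot: The `affects` block puts the vendor in the product field: `"vendor_name": "n/a"`, `"product_name": "Accusoft"`, `"version_value": "Accusoft ImageGear 19.5.0"`. Going by the description it should read `"vendor_name": "Accusoft"`, `"product_name": "ImageGear"`, `"version_value": "19.5.0"`, otherwise tools that match installed ImageGear versions against this record will miss it. The CVE-2020-6076, CVE-2020-6082 and CVE-2020-6094 hunks repeat the same layout. The problemtype is free text with no CWE identifier (CWE-787, Out-of-bounds Write, fits the description), and CVE-2020-6076 spells it "out of bounds write" without hyphens, so the sibling records do not group together.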
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6076",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Accusoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Accusoft ImageGear 19.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "out of bounds write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0999",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0999"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6082.json b/2020/6xxx/CVE-2020-6082.json
index 1a914c9094e..d0f5db81a78 100644
--- a/2020/6xxx/CVE-2020-6082.json
+++ b/2020/6xxx/CVE-2020-6082.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6082",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Accusoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Accusoft ImageGear 19.4.0 Accusoft ImageGear 19.5.0 Accusoft ImageGear 19.6.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "out-of-bounds write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1004",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1004"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6094.json b/2020/6xxx/CVE-2020-6094.json
index 2242f361af9..7c6f455e6f8 100644
--- a/2020/6xxx/CVE-2020-6094.json
+++ b/2020/6xxx/CVE-2020-6094.json
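Review bot: `version_value` and the description disagree on scope: the version string names ImageGear 19.4.0, 19.5.0 and 19.6.0 in one space-separated value, while the description says the flaw exists in "Accusoft ImageGear 19.6.0" only. One of the two is incomplete, and a defender running 19.4.0 or 19.5.0 cannot tell from the description that the record applies. If all three releases are affected, the description should list them and each release should be its own `version_data` entry, for example `{ "version_value": "19.4.0" }`.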
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6094",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Accusoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Accusoft ImageGear 19.4, Accusoft ImageGear 19.5, Accusoft ImageGear 19.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1017",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1017"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7806.json b/2020/7xxx/CVE-2020-7806.json
index 3db0c62ed3c..e63949bc94d 100644
--- a/2020/7xxx/CVE-2020-7806.json
+++ b/2020/7xxx/CVE-2020-7806.json
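Review bot: The problemtype `"value": "remote code execution"` names the impact rather than the weakness, although the description in the same hunk says the crafted TIFF file causes an out-of-bounds write. `"value": "out-of-bounds write"` would agree with the description and with the other ImageGear records in this commit, so consumers can group them by weakness class. The versions are also given as "19.4", "19.5" and "19.6" here but as three-part versions such as "19.5.0" in those sibling records; it is worth confirming which form is intended.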
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2020-7806",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Tobesoft Xplatform ActiveX File Download Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xplatform",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Windows",
+ "version_affected": "<=",
+ "version_name": "9.2.2.250",
+ "version_value": "9.2.2.260"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Tobesoft"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to Jeongun Baek for reporting this vulnerability"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-494 Download of Code Without Integrity Check"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "http://support.tobesoft.co.kr/Support/index.html",
+ "name": "http://support.tobesoft.co.kr/Support/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35359",
+ "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35359"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
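Review bot: The `version_data` entry contradicts the description: `"version_affected": "<="` with `"version_value": "9.2.2.260"` reads as 9.2.2.260 and earlier, while `version_name` and the description both say 9.2.2.250 and earlier. If 9.2.2.260 is the fixed release, the entry needs `"version_value": "9.2.2.250"`, otherwise patched hosts will be flagged as vulnerable. The vector uses `AV:L` while the description ends in "remote code execution"; that may be deliberate for a user-assisted ActiveX issue, but the two should be reconciled. The TITLE ("File Download"), the problemtype (CWE-494) and the description ("arbitrary code execution") each characterise the flaw differently, and the first reference is a plain-http support index page rather than an advisory.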