diff --git a/2019/18xxx/CVE-2019-18426.json b/2019/18xxx/CVE-2019-18426.json
index 614041dbb56..e86f7a1fbe4 100644
--- a/2019/18xxx/CVE-2019-18426.json
+++ b/2019/18xxx/CVE-2019-18426.json
@@ -62,7 +62,12 @@
 "refsource": "CONFIRM",
 "name": "https://www.facebook.com/security/advisories/cve-2019-18426",
 "url": "https://www.facebook.com/security/advisories/cve-2019-18426"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0796.json b/2020/0xxx/CVE-2020-0796.json
index 44f577b9799..fdd54c79828 100644
--- a/2020/0xxx/CVE-2020-0796.json
+++ b/2020/0xxx/CVE-2020-0796.json
@@ -141,6 +141,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10808.json b/2020/10xxx/CVE-2020-10808.json
index cae81bdfb90..5e5caf6fa5c 100644
--- a/2020/10xxx/CVE-2020-10808.json
+++ b/2020/10xxx/CVE-2020-10808.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/rapid7/metasploit-framework/pull/13094",
 "refsource": "MISC",
 "name": "https://github.com/rapid7/metasploit-framework/pull/13094"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html"
 }
 ]
 }
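Review bot: The Packet Storm reference added in the CVE-2019-18426 hunk uses a plaintext `http://` address in both `name` and `url`, so anyone following it from the CVE record retrieves exploit-archive content over a channel that is neither authenticated nor integrity-protected. If the site serves the same path over TLS, record it as `"url": "https://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html"` with a matching `name`. The same applies to the Packet Storm entries added for CVE-2020-0796, CVE-2020-10808, CVE-2020-11455, CVE-2020-11456, CVE-2020-11457 and CVE-2020-8644.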
diff --git a/2020/11xxx/CVE-2020-11455.json b/2020/11xxx/CVE-2020-11455.json
index 2be81baba72..409373ba119 100644
--- a/2020/11xxx/CVE-2020-11455.json
+++ b/2020/11xxx/CVE-2020-11455.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b",
 "refsource": "MISC",
 "name": "https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11456.json b/2020/11xxx/CVE-2020-11456.json
index 33c60851e3d..f632090df5d 100644
--- a/2020/11xxx/CVE-2020-11456.json
+++ b/2020/11xxx/CVE-2020-11456.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/LimeSurvey/LimeSurvey/commit/04b118acce2a74306f365ef329cbe00efc399b26",
 "refsource": "MISC",
 "name": "https://github.com/LimeSurvey/LimeSurvey/commit/04b118acce2a74306f365ef329cbe00efc399b26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157114/LimeSurvey-4.1.11-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/157114/LimeSurvey-4.1.11-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11457.json b/2020/11xxx/CVE-2020-11457.json
index 5cc0756dd51..d5fa4743564 100644
--- a/2020/11xxx/CVE-2020-11457.json
+++ b/2020/11xxx/CVE-2020-11457.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/pfsense/pfsense/commit/3c1e53dabe966f27c9097a5a923e77f49ae5fffa",
 "refsource": "MISC",
 "name": "https://github.com/pfsense/pfsense/commit/3c1e53dabe966f27c9097a5a923e77f49ae5fffa"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157104/pfSense-2.4.4-P3-User-Manager-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/157104/pfSense-2.4.4-P3-User-Manager-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11580.json b/2020/11xxx/CVE-2020-11580.json
index b0d570c343d..a373bd87666 100644
--- a/2020/11xxx/CVE-2020-11580.json
+++ b/2020/11xxx/CVE-2020-11580.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11580",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11580",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.lsd.cat/g/pulse-host-checker-rce",
+ "refsource": "MISC",
+ "name": "https://git.lsd.cat/g/pulse-host-checker-rce"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11581.json b/2020/11xxx/CVE-2020-11581.json
index 782bcc7d6f8..79fd477a5d8 100644
--- a/2020/11xxx/CVE-2020-11581.json
+++ b/2020/11xxx/CVE-2020-11581.json
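Review bot: The new `affects` block in the CVE-2020-11580 record leaves `vendor_name`, `product_name` and `version_value` as `"n/a"` even though the description names Pulse Secure Pulse Connect Secure, so tooling that matches on the structured fields will not associate this record with the product. Consider filling them from the description, e.g. `"vendor_name": "Pulse Secure"` and `"product_name": "Pulse Connect Secure"`, and replacing the `"n/a"` problemtype value with a short weakness description (this one reads as improper certificate validation). The only reference is a researcher repository; a vendor advisory entry would help defenders find fixed versions once one is available. The same `"n/a"` placeholders appear in the records for CVE-2020-11581, CVE-2020-11582 and CVE-2020-11585.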
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11581",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11581",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.lsd.cat/g/pulse-host-checker-rce",
+ "refsource": "MISC",
+ "name": "https://git.lsd.cat/g/pulse-host-checker-rce"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11582.json b/2020/11xxx/CVE-2020-11582.json
index 6821159ce0a..0c768461976 100644
--- a/2020/11xxx/CVE-2020-11582.json
+++ b/2020/11xxx/CVE-2020-11582.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11582",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11582",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.lsd.cat/g/pulse-host-checker-rce",
+ "refsource": "MISC",
+ "name": "https://git.lsd.cat/g/pulse-host-checker-rce"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11583.json b/2020/11xxx/CVE-2020-11583.json
new file mode 100644
index 00000000000..f392cf5cd9b
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11583.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11583",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11584.json b/2020/11xxx/CVE-2020-11584.json
new file mode 100644
index 00000000000..77c9a411fb3
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11584.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11584",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11585.json b/2020/11xxx/CVE-2020-11585.json
new file mode 100644
index 00000000000..7a003cb303a
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11585.json
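Review bot: The new CVE-2020-11583 file ends without a terminating newline (`\ No newline at end of file` after the closing `+}`), which produces spurious last-line changes in later diffs and can trip tools that expect newline-terminated text files. End the file with a newline after the final `}`. The same marker appears on the new files for CVE-2020-11584 and CVE-2020-11585, and the CVE-2019-18426 hunk removes a trailing newline that file previously had.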
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-11585",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://neff.blog/2020/04/04/dotnetnuke-9-5-file-path-information-disclosure/",
+ "refsource": "MISC",
+ "name": "https://neff.blog/2020/04/04/dotnetnuke-9-5-file-path-information-disclosure/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/8xxx/CVE-2020-8644.json b/2020/8xxx/CVE-2020-8644.json
index ed9a4e1494e..633bd423019 100644
--- a/2020/8xxx/CVE-2020-8644.json
+++ b/2020/8xxx/CVE-2020-8644.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/",
 "url": "https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html"
 }
 ]
 }