From f71913fb86ffaf044ce279bcf69a839402c5439f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 30 Jun 2020 14:01:16 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/19xxx/CVE-2019-19161.json | 91 ++++++++++++++++++++++++++++---
 2019/19xxx/CVE-2019-19163.json | 99 +++++++++++++++++++++++++++++++---
 2020/14xxx/CVE-2020-14073.json | 5 ++
 2020/14xxx/CVE-2020-14472.json | 5 ++
 2020/14xxx/CVE-2020-14473.json | 5 ++
 2020/14xxx/CVE-2020-14943.json | 5 ++
 2020/15xxx/CVE-2020-15411.json | 62 +++++++++++++++++++++
 2020/15xxx/CVE-2020-15412.json | 62 +++++++++++++++++++++
 2020/15xxx/CVE-2020-15413.json | 18 +++++++
 2020/15xxx/CVE-2020-15414.json | 18 +++++++
 2020/15xxx/CVE-2020-15415.json | 67 +++++++++++++++++++++++
 2020/7xxx/CVE-2020-7816.json | 86 ++++++++++++++++++++++++++---
 12 files changed, 505 insertions(+), 18 deletions(-)
 create mode 100644 2020/15xxx/CVE-2020-15411.json
 create mode 100644 2020/15xxx/CVE-2020-15412.json
 create mode 100644 2020/15xxx/CVE-2020-15413.json
 create mode 100644 2020/15xxx/CVE-2020-15414.json
 create mode 100644 2020/15xxx/CVE-2020-15415.json
diff --git a/2019/19xxx/CVE-2019-19161.json b/2019/19xxx/CVE-2019-19161.json
index b5ed9b89407..6780a6c0312 100644
--- a/2019/19xxx/CVE-2019-19161.json
+++ b/2019/19xxx/CVE-2019-19161.json
@@ -1,18 +1,97 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-19161",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "To be able to change Dll Files to preload with missing support for integrity check vulnerability MIPLATFORM ActiveX of TOBESOFT.CO.LTD,"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MIPLATFORM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2016.5.26.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "TOBESOFT.CO.LTD"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Jeongun Baek"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing support for integrity check"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.tobesoft.com/Index.do",
+ "name": "https://www.tobesoft.com/Index.do"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479",
+ "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35479"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19163.json b/2019/19xxx/CVE-2019-19163.json
index 84266c8e16e..6625e69978d 100644
--- a/2019/19xxx/CVE-2019-19163.json
+++ b/2019/19xxx/CVE-2019-19163.json
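Review bot: In the new 2019/19xxx/CVE-2019-19161.json record the `problemtype` value is free text, `"value": "Missing support for integrity check"`, so tooling that keys on CWE identifiers will not classify it; the wording matches CWE-353, and `"value": "CWE-353 Missing Support for Integrity Check"` would follow the `CWE-NN Name` form that the CVE-2019-19163 record in this commit uses. The record also gives an affected range (`"<="` `2016.5.26.1`) but no `solution` entry or fixed version, and the first reference is the vendor's home page rather than an advisory, so a defender has only the KrCERT bulletin to work from. The CVSS vector carries `PR:H` and `UI:N`, which the description does not explain; that is worth confirming with the assigner.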
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-19163",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Commax WallPad Remote Code Execution Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wallpad",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Linux",
+ "version_affected": "<",
+ "version_name": "2019.12.30",
+ "version_value": "2019.12.30"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "COMMAX"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to SeongJun Jo for reporting this vulnerability."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35477",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35477"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.commax.com/index.php?cate1=10&cate2=21&cate3=23&nnum=2016",
+ "name": "https://www.commax.com/index.php?cate1=10&cate2=21&cate3=23&nnum=2016"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update software over COMMAX WallPad(CDP-1020MB) Firmware 2019.12.30 version or higher.\n"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/14xxx/CVE-2020-14073.json b/2020/14xxx/CVE-2020-14073.json
index 355221af23f..e66e661228f 100644
--- a/2020/14xxx/CVE-2020-14073.json
+++ b/2020/14xxx/CVE-2020-14073.json
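Review bot: The `problemtype` in 2019/19xxx/CVE-2019-19163.json, `"value": "CWE-20 Improper Input Validation"`, does not match the cause the description gives, which is an old MySQL version in the firmware. If the flaw is inherited from the bundled MySQL, the description should name the underlying MySQL issue or version so that other products shipping the same component can be assessed; a component-oriented weakness such as CWE-1104 may fit better than CWE-20, though that is inferred from the description alone. `version_name` repeats `version_value` (`2019.12.30`) and the `solution` string ends in a stray `\n`; both are harmless but could be tidied.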
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df",
 "url": "https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-about",
+ "url": "https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-about"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14472.json b/2020/14xxx/CVE-2020-14472.json
index 712d52c9bfc..95114256bd0 100644
--- a/2020/14xxx/CVE-2020-14472.json
+++ b/2020/14xxx/CVE-2020-14472.json
@@ -48,6 +48,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472)",
 "url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472)"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14472.md",
+ "url": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14472.md"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14473.json b/2020/14xxx/CVE-2020-14473.json
index 8331a572715..054ad2961dc 100644
--- a/2020/14xxx/CVE-2020-14473.json
+++ b/2020/14xxx/CVE-2020-14473.json
@@ -48,6 +48,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)",
 "url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md",
+ "url": "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14943.json b/2020/14xxx/CVE-2020-14943.json
index ef41f9e3710..f7369c454bf 100644
--- a/2020/14xxx/CVE-2020-14943.json
+++ b/2020/14xxx/CVE-2020-14943.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/158217/BSA-Radar-1.6.7234.24750-Cross-Site-Scripting.html",
 "url": "http://packetstormsecurity.com/files/158217/BSA-Radar-1.6.7234.24750-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "Exploit Database",
+ "url": "https://www.exploit-db.com/exploits/48619"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15411.json b/2020/15xxx/CVE-2020-15411.json
new file mode 100644
index 00000000000..1fa7f8e0fbf
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15411.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-15411",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/commit/d14ce7de709cdde3ecc9433e38e14c682894e88a",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/d14ce7de709cdde3ecc9433e38e14c682894e88a"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15412.json b/2020/15xxx/CVE-2020-15412.json
new file mode 100644
index 00000000000..0a639c38624
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15412.json
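Review bot: The `affects` block of the new 2020/15xxx/CVE-2020-15411.json is entirely `n/a` (`product_name`, `vendor_name`, `version_value`) although the description names the product and version (MISP 2.4.128), so scanners and asset-matching tools that read only the structured fields cannot tie this record to an installation. The same applies to CVE-2020-15412.json and CVE-2020-15415.json in this commit, whose descriptions name MISP 2.4.128 and DrayTek Vigor3900, Vigor2960 and Vigor300B before 1.5.1. Populating the fields, e.g. `"product_name": "MISP"` and `"version_value": "2.4.128"`, would fix that; whether releases before 2.4.128 are also affected is not stated and should be confirmed against the referenced fix commit. `problemtype` is likewise `n/a` even though the descriptions point at missing access-control checks and command injection.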
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-15412",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef",
+ "refsource": "MISC",
+ "name": "https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15413.json b/2020/15xxx/CVE-2020-15413.json
new file mode 100644
index 00000000000..73b429dca17
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15413.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15413",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15414.json b/2020/15xxx/CVE-2020-15414.json
new file mode 100644
index 00000000000..c0bd5604520
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15414.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-15414",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/15xxx/CVE-2020-15415.json b/2020/15xxx/CVE-2020-15415.json
new file mode 100644
index 00000000000..3af2728297b
--- /dev/null
+++ b/2020/15xxx/CVE-2020-15415.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-15415",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.draytek.com/about/security-advisory",
+ "refsource": "MISC",
+ "name": "https://www.draytek.com/about/security-advisory"
+ },
+ {
+ "url": "https://github.com/CLP-team/Vigor-Commond-Injection",
+ "refsource": "MISC",
+ "name": "https://github.com/CLP-team/Vigor-Commond-Injection"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7816.json b/2020/7xxx/CVE-2020-7816.json
index dfdd55bf8ae..c75eb760e23 100644
--- a/2020/7xxx/CVE-2020-7816.json
+++ b/2020/7xxx/CVE-2020-7816.json
@@ -1,18 +1,92 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
+ "DATE_PUBLIC": "2020-06-30T06:00:00.000Z",
 "ID": "CVE-2020-7816",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaView Indy, DaVA+, DaOffice",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "v8.995"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "HUMAN TALK"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "UNKNOWN"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stack-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35483",
+ "refsource": "CONFIRM",
+ "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35483"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
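Review bot: The new description string in 2020/7xxx/CVE-2020-7816.json contains `affected device.nThe vulnerability`, which looks like a `\n` escape that lost its backslash; it should read `affected device. The vulnerability` or carry a real `\n`. The text is also inconsistent in ways that affect triage: it names a JPEG parsing module but a crafted PDF file, a "stack overflow read" while `problemtype` says `Stack-based Buffer Overflow`, and a remote attacker while the vector is `AV:L` with `UI:R`. The vector suggests that a user has to open a malicious file locally, and the description would be clearer if it said so. `"value": "CWE-121 Stack-based Buffer Overflow"` would make the weakness machine-readable.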