diff --git a/2020/10xxx/CVE-2020-10381.json b/2020/10xxx/CVE-2020-10381.json index 592e42be1fe..4ce259f6337 100644 --- a/2020/10xxx/CVE-2020-10381.json +++ b/2020/10xxx/CVE-2020-10381.json @@ -54,8 +54,8 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html", - "url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html" + "name": "https://mbconnectline.com/security-advice/", + "url": "https://mbconnectline.com/security-advice/" } ] } diff --git a/2020/10xxx/CVE-2020-10382.json b/2020/10xxx/CVE-2020-10382.json index 016cb5b4305..9af2057b407 100644 --- a/2020/10xxx/CVE-2020-10382.json +++ b/2020/10xxx/CVE-2020-10382.json @@ -54,8 +54,8 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html", - "url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html" + "name": "https://mbconnectline.com/security-advice/", + "url": "https://mbconnectline.com/security-advice/" } ] } diff --git a/2020/10xxx/CVE-2020-10383.json b/2020/10xxx/CVE-2020-10383.json index 8e3dc9abdb8..f11e14f57c5 100644 --- a/2020/10xxx/CVE-2020-10383.json +++ b/2020/10xxx/CVE-2020-10383.json @@ -54,8 +54,8 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html", - "url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html" + "name": "https://mbconnectline.com/security-advice/", + "url": "https://mbconnectline.com/security-advice/" } ] } diff --git a/2020/10xxx/CVE-2020-10384.json b/2020/10xxx/CVE-2020-10384.json index 60f244b811a..a79f27b19dc 100644 --- a/2020/10xxx/CVE-2020-10384.json +++ b/2020/10xxx/CVE-2020-10384.json @@ -54,8 +54,8 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html", - "url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html" + "name": "https://mbconnectline.com/security-advice/", + "url": "https://mbconnectline.com/security-advice/" } ] } diff --git a/2020/15xxx/CVE-2020-15049.json b/2020/15xxx/CVE-2020-15049.json index 5500b289c69..09138ce03cc 100644 --- a/2020/15xxx/CVE-2020-15049.json +++ b/2020/15xxx/CVE-2020-15049.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4551-1", "url": "https://usn.ubuntu.com/4551-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" } ] }, diff --git a/2020/15xxx/CVE-2020-15230.json b/2020/15xxx/CVE-2020-15230.json index a4bf3962877..7739af1c820 100644 --- a/2020/15xxx/CVE-2020-15230.json +++ b/2020/15xxx/CVE-2020-15230.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected.\n\nThis is fixed in version 4.29.4." + "value": "Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4." } ] }, diff --git a/2020/15xxx/CVE-2020-15588.json b/2020/15xxx/CVE-2020-15588.json index 53f80abe872..f20aad5759a 100644 --- a/2020/15xxx/CVE-2020-15588.json +++ b/2020/15xxx/CVE-2020-15588.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in the client side of Zoho ManageEngine Desktop Central before 10.0.533. An attacker-controlled server can trigger an integer overflow via a crafted header value." + "value": "An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges." } ] }, diff --git a/2020/15xxx/CVE-2020-15810.json b/2020/15xxx/CVE-2020-15810.json index 5fd467d4251..feda8a05130 100644 --- a/2020/15xxx/CVE-2020-15810.json +++ b/2020/15xxx/CVE-2020-15810.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4551-1", "url": "https://usn.ubuntu.com/4551-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" } ] } diff --git a/2020/15xxx/CVE-2020-15811.json b/2020/15xxx/CVE-2020-15811.json index f0a6dfe7488..f08751a0dfb 100644 --- a/2020/15xxx/CVE-2020-15811.json +++ b/2020/15xxx/CVE-2020-15811.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4551-1", "url": "https://usn.ubuntu.com/4551-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" } ] } diff --git a/2020/24xxx/CVE-2020-24568.json b/2020/24xxx/CVE-2020-24568.json index dea3d437131..548344dc5ef 100644 --- a/2020/24xxx/CVE-2020-24568.json +++ b/2020/24xxx/CVE-2020-24568.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24568", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24568", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mbconnectline.com/security-advice/", + "url": "https://mbconnectline.com/security-advice/" } ] } diff --git a/2020/24xxx/CVE-2020-24569.json b/2020/24xxx/CVE-2020-24569.json index fe1997b8c8a..f753a03ddf7 100644 --- a/2020/24xxx/CVE-2020-24569.json +++ b/2020/24xxx/CVE-2020-24569.json @@ -53,9 +53,9 @@ "references": { "reference_data": [ { - "url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html", - "refsource": "MISC", - "name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html" + "refsource": "CONFIRM", + "name": "https://mbconnectline.com/security-advice/", + "url": "https://mbconnectline.com/security-advice/" } ] } diff --git a/2020/24xxx/CVE-2020-24570.json b/2020/24xxx/CVE-2020-24570.json index 652814aaf95..3138530886a 100644 --- a/2020/24xxx/CVE-2020-24570.json +++ b/2020/24xxx/CVE-2020-24570.json @@ -53,9 +53,9 @@ "references": { "reference_data": [ { - "url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html", - "refsource": "MISC", - "name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html" + "refsource": "CONFIRM", + "name": "https://mbconnectline.com/security-advice/", + "url": "https://mbconnectline.com/security-advice/" } ] } diff --git a/2020/24xxx/CVE-2020-24606.json b/2020/24xxx/CVE-2020-24606.json index d628b2bdac1..25f2e02c15d 100644 --- a/2020/24xxx/CVE-2020-24606.json +++ b/2020/24xxx/CVE-2020-24606.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4551-1", "url": "https://usn.ubuntu.com/4551-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" } ] }, diff --git a/2020/24xxx/CVE-2020-24627.json b/2020/24xxx/CVE-2020-24627.json index 6d4851e528f..f436f5df382 100644 --- a/2020/24xxx/CVE-2020-24627.json +++ b/2020/24xxx/CVE-2020-24627.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE KVM IP Console Switches", + "version": { + "version_data": [ + { + "version_value": "G2 4x1Ex32 Prior to 2.8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote stored xss" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04044en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04044en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3." } ] } diff --git a/2020/24xxx/CVE-2020-24628.json b/2020/24xxx/CVE-2020-24628.json index 24c8d1edb66..275ed5159b8 100644 --- a/2020/24xxx/CVE-2020-24628.json +++ b/2020/24xxx/CVE-2020-24628.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE KVM IP Console Switches", + "version": { + "version_data": [ + { + "version_value": "G2 4x1Ex32 Prior to 2.8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04044en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04044en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3." } ] } diff --git a/2020/26xxx/CVE-2020-26541.json b/2020/26xxx/CVE-2020-26541.json new file mode 100644 index 00000000000..9fec3826be7 --- /dev/null +++ b/2020/26xxx/CVE-2020-26541.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-26541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lkml.org/lkml/2020/9/15/1871", + "refsource": "MISC", + "name": "https://lkml.org/lkml/2020/9/15/1871" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:R", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26542.json b/2020/26xxx/CVE-2020-26542.json new file mode 100644 index 00000000000..4bd86067310 --- /dev/null +++ b/2020/26xxx/CVE-2020-26542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-26542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file