From f99ad361f99db814dee52ff628d2425a600215c8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 4 Jun 2020 19:01:21 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/1xxx/CVE-2005-1513.json | 5 +++ 2005/1xxx/CVE-2005-1514.json | 5 +++ 2005/1xxx/CVE-2005-1515.json | 5 +++ 2020/11xxx/CVE-2020-11679.json | 56 ++++++++++++++++++++++++++++++---- 2020/11xxx/CVE-2020-11680.json | 56 ++++++++++++++++++++++++++++++---- 2020/11xxx/CVE-2020-11681.json | 56 ++++++++++++++++++++++++++++++---- 2020/3xxx/CVE-2020-3811.json | 5 +++ 2020/3xxx/CVE-2020-3812.json | 5 +++ 8 files changed, 175 insertions(+), 18 deletions(-) diff --git a/2005/1xxx/CVE-2005-1513.json b/2005/1xxx/CVE-2005-1513.json index 497df3e8af9..af1f82fbd5c 100644 --- a/2005/1xxx/CVE-2005-1513.json +++ b/2005/1xxx/CVE-2005-1513.json @@ -96,6 +96,11 @@ "refsource": "DEBIAN", "name": "DSA-4692", "url": "https://www.debian.org/security/2020/dsa-4692" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html" } ] } diff --git a/2005/1xxx/CVE-2005-1514.json b/2005/1xxx/CVE-2005-1514.json index deb6d04631c..ef4d15d4d46 100644 --- a/2005/1xxx/CVE-2005-1514.json +++ b/2005/1xxx/CVE-2005-1514.json @@ -91,6 +91,11 @@ "refsource": "DEBIAN", "name": "DSA-4692", "url": "https://www.debian.org/security/2020/dsa-4692" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html" } ] } diff --git a/2005/1xxx/CVE-2005-1515.json b/2005/1xxx/CVE-2005-1515.json index 503de041d87..956b95dabaf 100644 --- a/2005/1xxx/CVE-2005-1515.json +++ b/2005/1xxx/CVE-2005-1515.json @@ -91,6 +91,11 @@ "refsource": "DEBIAN", "name": "DSA-4692", "url": "https://www.debian.org/security/2020/dsa-4692" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html" } ] } diff --git a/2020/11xxx/CVE-2020-11679.json b/2020/11xxx/CVE-2020-11679.json index 8094d934705..584e15aafb1 100644 --- a/2020/11xxx/CVE-2020-11679.json +++ b/2020/11xxx/CVE-2020-11679.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11679", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11679", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass", + "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass" } ] } diff --git a/2020/11xxx/CVE-2020-11680.json b/2020/11xxx/CVE-2020-11680.json index 402fac44027..72ea9eb1837 100644 --- a/2020/11xxx/CVE-2020-11680.json +++ b/2020/11xxx/CVE-2020-11680.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11680", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11680", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass", + "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass" } ] } diff --git a/2020/11xxx/CVE-2020-11681.json b/2020/11xxx/CVE-2020-11681.json index 81b29de054e..8a88f1348f0 100644 --- a/2020/11xxx/CVE-2020-11681.json +++ b/2020/11xxx/CVE-2020-11681.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11681", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11681", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass", + "url": "https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass" } ] } diff --git a/2020/3xxx/CVE-2020-3811.json b/2020/3xxx/CVE-2020-3811.json index debb566e1fa..52b8141bbfb 100644 --- a/2020/3xxx/CVE-2020-3811.json +++ b/2020/3xxx/CVE-2020-3811.json @@ -67,6 +67,11 @@ "refsource": "MISC", "url": "https://www.debian.org/security/2020/dsa-4692", "name": "https://www.debian.org/security/2020/dsa-4692" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html" } ] } diff --git a/2020/3xxx/CVE-2020-3812.json b/2020/3xxx/CVE-2020-3812.json index c154bd5d22a..f27162698d3 100644 --- a/2020/3xxx/CVE-2020-3812.json +++ b/2020/3xxx/CVE-2020-3812.json @@ -67,6 +67,11 @@ "refsource": "MISC", "url": "https://www.debian.org/security/2020/dsa-4692", "name": "https://www.debian.org/security/2020/dsa-4692" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200604 [SECURITY] [DLA 2234-1] netqmail security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html" } ] }