From fa074444540cefd8cbc471ae404cad66b0dee28f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Apr 2020 18:01:20 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/20xxx/CVE-2018-20062.json | 5 +++
 2019/16xxx/CVE-2019-16383.json | 5 +++
 2019/18xxx/CVE-2019-18822.json | 67 ++++++++++++++++++++++++++++++++++
 2019/20xxx/CVE-2019-20085.json | 5 +++
 2019/9xxx/CVE-2019-9082.json | 5 +++
 2020/10xxx/CVE-2020-10384.json | 56 +++++++++++++++++++++++++---
 2020/10xxx/CVE-2020-10808.json | 5 +++
 2020/11xxx/CVE-2020-11725.json | 7 +++-
 2020/2xxx/CVE-2020-2555.json | 5 +++
 9 files changed, 153 insertions(+), 7 deletions(-)
 create mode 100644 2019/18xxx/CVE-2019-18822.json
diff --git a/2018/20xxx/CVE-2018-20062.json b/2018/20xxx/CVE-2018-20062.json
index ae5ab8a25d8..09a2b786ef8 100644
--- a/2018/20xxx/CVE-2018-20062.json
+++ b/2018/20xxx/CVE-2018-20062.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/nangge/noneCms/issues/21",
 "refsource": "MISC",
 "url": "https://github.com/nangge/noneCms/issues/21"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16383.json b/2019/16xxx/CVE-2019-16383.json
index dc3f40444c9..0f39c80bb24 100644
--- a/2019/16xxx/CVE-2019-16383.json
+++ b/2019/16xxx/CVE-2019-16383.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm",
 "url": "https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157208/MOVEit-Transfer-11.1.1-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/157208/MOVEit-Transfer-11.1.1-SQL-Injection.html"
 }
 ]
 }
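Review bot: The reference added to CVE-2018-20062.json records a cleartext `http://packetstormsecurity.com/...` URL in both `name` and `url`, so analysts and enrichment tooling that follow the link from this record fetch the advisory page without transport integrity. If the site serves the same path over TLS (not verifiable from this patch), record it as `"url": "https://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html"`. The same applies to the packetstormsecurity references added in the CVE-2019-16383, CVE-2019-20085, CVE-2019-9082, CVE-2020-10808 and CVE-2020-2555 hunks.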
diff --git a/2019/18xxx/CVE-2019-18822.json b/2019/18xxx/CVE-2019-18822.json
new file mode 100644
index 00000000000..7af37d98863
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18822.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18822",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zoomint.com/solutions/call-recording",
+ "refsource": "MISC",
+ "name": "https://www.zoomint.com/solutions/call-recording"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-18822-PrivEscal-ZoomCallRecording",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-18822-PrivEscal-ZoomCallRecording"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/20xxx/CVE-2019-20085.json b/2019/20xxx/CVE-2019-20085.json
index 338be1a4f60..a1c62bb9fbc 100644
--- a/2019/20xxx/CVE-2019-20085.json
+++ b/2019/20xxx/CVE-2019-20085.json
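Review bot: The new CVE-2019-18822.json record leaves `product_name`, `vendor_name`, `version_value` and the `problemtype` value as `"n/a"`, although its description names ZOOM Call Recording 6.3.1 and a privilege escalation to root. Scanners and asset-matching tools that key on the structured `affects` block rather than the free text will therefore not associate this entry with an installed product. Populate the fields from the description, for example `"product_name": "ZOOM Call Recording"` and `"version_value": "6.3.1"`, and give the problem type a privilege-escalation description. The CVE-2020-10384.json hunk has the same gap: its description names mymbCONNECT24 and mbCONNECT24 through 2.5.0, but the added `affects` block is all `"n/a"`.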
@@ -56,6 +56,11 @@
 "url": "https://www.exploit-db.com/exploits/47774",
 "refsource": "MISC",
 "name": "https://www.exploit-db.com/exploits/47774"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157196/TVT-NVMS-1000-Directory-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/157196/TVT-NVMS-1000-Directory-Traversal.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9082.json b/2019/9xxx/CVE-2019-9082.json
index a015d2b62fa..9e989141322 100644
--- a/2019/9xxx/CVE-2019-9082.json
+++ b/2019/9xxx/CVE-2019-9082.json
@@ -61,6 +61,11 @@
 "name": "46488",
 "refsource": "EXPLOIT-DB",
 "url": "https://www.exploit-db.com/exploits/46488/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10384.json b/2020/10xxx/CVE-2020-10384.json
index 62cd9b55d06..60f244b811a 100644
--- a/2020/10xxx/CVE-2020-10384.json
+++ b/2020/10xxx/CVE-2020-10384.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10384",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10384",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is a local privilege escalation from the www-data account to the root account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html",
+ "url": "https://www.mbconnectline.de/en/support/sicherheitshinweise.html"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10808.json b/2020/10xxx/CVE-2020-10808.json
index 5e5caf6fa5c..1554aedd6d7 100644
--- a/2020/10xxx/CVE-2020-10808.json
+++ b/2020/10xxx/CVE-2020-10808.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11725.json b/2020/11xxx/CVE-2020-11725.json
index 39ea38322db..783121a220c 100644
--- a/2020/11xxx/CVE-2020-11725.json
+++ b/2020/11xxx/CVE-2020-11725.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner typo, which is mishandled in the private_size*count multiplication."
+ "value": "** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified \"interesting side effects.\" NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the \"owner\" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "url": "https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474",
 "refsource": "MISC",
 "name": "https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/",
+ "url": "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json
index 3e65a031ef5..ec23b4a8c98 100644
--- a/2020/2xxx/CVE-2020-2555.json
+++ b/2020/2xxx/CVE-2020-2555.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html"
 }
 ]
 }