diff --git a/cves/2020/CVE-2020-8515.yaml b/cves/2020/CVE-2020-8515.yaml index 0b540a1796..30404cf527 100644 --- a/cves/2020/CVE-2020-8515.yaml +++ b/cves/2020/CVE-2020-8515.yaml @@ -4,13 +4,12 @@ info: name: DrayTek pre-auth RCE author: pikpikcu severity: critical - reference: https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ + description: DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. + reference: | + - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) + - https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ tags: cve,cve2020,rce - # References: - # https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) - # https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ - requests: - raw: - | diff --git a/cves/2020/CVE-2020-9344.yaml b/cves/2020/CVE-2020-9344.yaml index 0dd448d74a..1d5e78f380 100644 --- a/cves/2020/CVE-2020-9344.yaml +++ b/cves/2020/CVE-2020-9344.yaml @@ -6,10 +6,10 @@ info: severity: medium description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. tags: cve,cve2020,atlassian,jira,xss - -# source:- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344 -# https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin -# https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt + reference: | + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344 + - https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin + - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt requests: - method: GET diff --git a/cves/2020/CVE-2020-9425.yaml b/cves/2020/CVE-2020-9425.yaml index 2c0b8fcc55..9daed3727e 100644 --- a/cves/2020/CVE-2020-9425.yaml +++ b/cves/2020/CVE-2020-9425.yaml @@ -3,7 +3,10 @@ info: name: rConfig Unauthenticated Sensitive Information Disclosure author: madrobot severity: high - reference: https://nvd.nist.gov/vuln/detail/CVE-2020-9425 + description: An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. + reference: | + - https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153 + - https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9 tags: cve,cve2020,rconfig requests: diff --git a/cves/2020/CVE-2020-9483.yaml b/cves/2020/CVE-2020-9483.yaml index 9000e8b8f2..e0017d5eda 100644 --- a/cves/2020/CVE-2020-9483.yaml +++ b/cves/2020/CVE-2020-9483.yaml @@ -4,7 +4,9 @@ info: name: SkyWalking SQLI author: pikpikcu severity: high - reference: https://nvd.nist.gov/vuln/detail/CVE-2020-9483 + description: | + When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters. + reference: https://github.com/apache/skywalking/pull/4639 tags: cve,cve2020,sqli,skywalking requests: