From 0784bcfb65d48aeb549417a2b8ac59d25c553da3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 23:01:11 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12735.json | 5 +++ 2019/17xxx/CVE-2019-17653.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18998.json | 5 +++ 2020/10xxx/CVE-2020-10184.json | 5 +++ 2020/10xxx/CVE-2020-10185.json | 5 +++ 2020/10xxx/CVE-2020-10534.json | 67 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10535.json | 62 +++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1863.json | 56 ++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7600.json | 55 ++++++++++++++++++++++++++-- 9 files changed, 316 insertions(+), 6 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17653.json create mode 100644 2020/10xxx/CVE-2020-10534.json create mode 100644 2020/10xxx/CVE-2020-10535.json diff --git a/2019/12xxx/CVE-2019-12735.json b/2019/12xxx/CVE-2019-12735.json index 94cd5c76d9b..86574c8fab4 100644 --- a/2019/12xxx/CVE-2019-12735.json +++ b/2019/12xxx/CVE-2019-12735.json @@ -186,6 +186,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-04", + "url": "https://security.gentoo.org/glsa/202003-04" } ] } diff --git a/2019/17xxx/CVE-2019-17653.json b/2019/17xxx/CVE-2019-17653.json new file mode 100644 index 00000000000..8ea4ee0f682 --- /dev/null +++ b/2019/17xxx/CVE-2019-17653.json 
@@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17653", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEM", + "version": { + "version_data": [ + { + "version_value": "5.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-240", + "url": "https://fortiguard.com/psirt/FG-IR-19-240" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18998.json b/2019/18xxx/CVE-2019-18998.json index 87f9489ecad..be201d363f3 100644 --- a/2019/18xxx/CVE-2019-18998.json +++ b/2019/18xxx/CVE-2019-18998.json @@ -85,6 +85,11 @@ "refsource": "CONFIRM", "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch", "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-072-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-02" } ] }, diff --git a/2020/10xxx/CVE-2020-10184.json b/2020/10xxx/CVE-2020-10184.json index 4cc7ff01227..c10ba6a0b05 100644 
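Review bot: In the new CVE-2019-17653 record the `problemtype` value `"Execute unauthorized code or commands"` names an impact, while the description in the same record identifies the weakness as Cross-Site Request Forgery. Tooling that groups or prioritises records by problem type will not classify this entry as CSRF. Consider carrying the weakness class too, e.g. `"value": "CWE-352: Cross-Site Request Forgery (CSRF)"`, provided the assigner's advisory supports it.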
--- a/2020/10xxx/CVE-2020-10184.json +++ b/2020/10xxx/CVE-2020-10184.json @@ -61,6 +61,11 @@ "url": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40", "refsource": "MISC", "name": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200312 [SECURITY] [DLA 2141-1] yubikey-val security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00014.html" } ] } diff --git a/2020/10xxx/CVE-2020-10185.json b/2020/10xxx/CVE-2020-10185.json index 234f8430bce..e9e68ed90cb 100644 --- a/2020/10xxx/CVE-2020-10185.json +++ b/2020/10xxx/CVE-2020-10185.json @@ -61,6 +61,11 @@ "url": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40", "refsource": "MISC", "name": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200312 [SECURITY] [DLA 2141-1] yubikey-val security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00014.html" } ] } diff --git a/2020/10xxx/CVE-2020-10534.json b/2020/10xxx/CVE-2020-10534.json new file mode 100644 index 00000000000..b54086655c2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10534.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10534",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T229731",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T229731"
+ },
+ {
+ "url": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b",
+ "refsource": "MISC",
+ "name": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10535.json b/2020/10xxx/CVE-2020-10535.json
new file mode 100644
index 00000000000..08bf8a211bb
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10535.json
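Review bot: The `affects` block of CVE-2020-10534 sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, although the description names the GlobalBlocking extension for MediaWiki through 1.34.0. The same applies to CVE-2020-10535 in the next hunk, whose description names GitLab 12.8.x before 12.8.6. Consumers that match records against an asset inventory through `affects` will not link either record to the product and must parse the free-text description instead. Both records also leave `problemtype` at `"n/a"`. Populating the fields from the description, for example `"vendor_name": "GitLab"` and `"product_name": "GitLab"` in CVE-2020-10535, would make the records machine-matchable.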
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10535",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1863.json b/2020/1xxx/CVE-2020-1863.json
index bb3bd97a030..33214fc9521 100644
--- a/2020/1xxx/CVE-2020-1863.json
+++ b/2020/1xxx/CVE-2020-1863.json
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "Huawei USG6000V", + "version": { + "version_data": [ + { + "version_value": "V500R001C20SPC300" + }, + { + "version_value": "V500R003C00SPC100" + }, + { + "version_value": "V500R005C00SPC100" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products." } ] } diff --git a/2020/7xxx/CVE-2020-7600.json b/2020/7xxx/CVE-2020-7600.json index a8755e59d6a..3a455cea2fb 100644 --- a/2020/7xxx/CVE-2020-7600.json +++ b/2020/7xxx/CVE-2020-7600.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "querymen", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 2.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef", + "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef" + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867", + "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks." } ] }
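Review bot: In CVE-2020-7600 the affected range is stored as prose, `"version_value": "All versions prior to 2.1.4"`, so a scanner cannot compare it with an installed querymen version without parsing text. The 4.0 format has a separate comparator field, and `"version_affected": "<", "version_value": "2.1.4"` expresses the same range in a form tools can evaluate. `vendor_name` is also `"n/a"` in this record, which leaves `product_name` as the only structured key for matching.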